n2000 system user manual

Chapter 1 System Description 1-1........................................................................

1.1 Product Introduction 1-1...............................................................................1.2 Architecture 1-2............................................................................................

1.2.1 Software Architecture 1-2.....................................................................1.2.2 Hardware Architecture 1-3...................................................................

1.3 Technical Indices 1-4....................................................................................1.4 System Interface Standards 1-4...................................................................1.5 About Help 1-4..............................................................................................

1.5.1 How to Get Help 1-4.............................................................................1.5.2 Content 1-5..........................................................................................1.5.3 Conventions 1-6...................................................................................1.5.4 How to Use Help 1-7............................................................................

Chapter 2 Topology Management 1-1..................................................................

2.1 Basic Concepts 1-2......................................................................................2.1.1 Concept Description 1-2.......................................................................2.1.2 Icon Description 1-4.............................................................................

2.2 Functions 1-5................................................................................................2.2.1 Editing the Topological View 1-5..........................................................2.2.2 Viewing a Topological View 1-12...........................................................2.2.3 Setting Default SNMP Parameters 1-14................................................2.2.4 Setting Access Protocol Parameters 1-15.............................................2.2.5 Setting Device Maintenance Information 1-17.......................................2.2.6 Auto Device Discovery 1-18...................................................................

2.3 Deploying Devices 1-20..................................................................................2.3.1 Preparations 1-20...................................................................................2.3.2 Adding a Submap 1-20..........................................................................2.3.3 Adding a Device to the NMS 1-20..........................................................2.3.4 Add Links 1-21.......................................................................................2.3.5 Device Deploying Example 1-22............................................................

Chapter 3 Fault Management 3-1..........................................................................

3.1 Basic Concepts 3-1......................................................................................3.1.1 Alarm Definition 3-1..............................................................................3.1.2 Term Explanations 3-2.........................................................................

3.2 Functions 3-4................................................................................................3.2.1 Browsing Alarm 3-4..............................................................................3.2.2 Alarm Statistics 3-6..............................................................................3.2.3 Setting Local Alarm Attributes 3-7........................................................3.2.4 Setting Automatic Alarm Dumping 3-7.................................................3.2.5 Setting Automatic Alarm Acknowledgement 3-9..................................

3.2.6 Setting Alarm Synchronization 3-9.......................................................3.2.7 Setting Remote Alarm Notification 3-10.................................................3.2.8 Setting Alarm Correlation 3-11...............................................................3.2.9 Locating Alarm/Event 3-12.....................................................................3.2.10 Managing Alarm Maintenance Tips 3-12.............................................

3.3 Troubleshooting 3-13......................................................................................3.3.1 Preparation 3-14....................................................................................3.3.2 Getting Alarm Information 3-15..............................................................3.3.3 Analyzing Alarm 3-16.............................................................................3.3.4 Eliminating Fault 3-16............................................................................3.3.5 Acknowledging and Recovering Alarm 3-16..........................................3.3.6 Sharing Alarm Maintenance Tips 3-17...................................................3.3.7 An Example of Troubleshooting 3-17.....................................................

Chapter 4 Performance Management 4-1............................................................

4.1 Realtime Performance Management 4-2......................................................4.1.1 Adding/deleting Performance Indexes 4-2...........................................4.1.2 Saving Data 4-2...................................................................................4.1.3 Adjusting Refresh Frequency 4-2.........................................................

4.2 Task Management 4-3..................................................................................4.2.1 Viewing Tasks 4-3................................................................................4.2.2 Creating Tasks 4-4...............................................................................4.2.3 Suspending Tasks 4-7.........................................................................4.2.4 Resuming Tasks 4-7............................................................................4.2.5 Deleting Tasks 4-7...............................................................................

4.3 Data Management 4-8..................................................................................4.3.1 Querying Performance Data by Measuring Object 4-8........................4.3.2 Querying Performance Data by Task 4-10.............................................4.3.3 Setting Data Security Term 4-11............................................................

4.4 Data Integrity Management 4-12....................................................................4.4.1 Querying Data Integrity 4-12..................................................................4.4.2 Mending Data 4-13.................................................................................

4.5 Performance Alarm Threshold Management 4-14.........................................4.5.1 Querying Performance Alarm Threshold 4-14.......................................4.5.2 Adding a Performance Alarm Threshold 4-15........................................4.5.3 Modifying a Performance Alarm Threshold 4-16....................................4.5.4 Deleting a Performance Alarm Threshold 4-17......................................

4.6 Performance Measurement 4-17....................................................................4.6.1 Time Distribution Analysis 4-17..............................................................4.6.2 Global Traffic Flow Analysis 4-18...........................................................4.6.3 Call Failure Analysis 4-19......................................................................

4.7 Other Functions 4-20......................................................................................4.7.1 Changing Graph Settings 4-20...............................................................4.7.2 Saving Measurement Data 4-21............................................................4.7.3 Printing Measurement Data 4-22...........................................................4.7.4 Deleting Measurement Data 4-22..........................................................4.7.5 Creating a Conditional Expression 4-23.................................................

Chapter 5 Security Management 5-1....................................................................

5.1 Basic Conception 5-1...................................................................................5.2 Functions 5-2................................................................................................

5.2.1 Creating a User 5-2..............................................................................5.2.2 Modifying User Attributes 5-3...............................................................5.2.3 Assigning a User to User Groups 5-3..................................................5.2.4 Assigning Operation Right to a User 5-3..............................................5.2.5 Assigning Management Right to a User 5-5........................................5.2.6 Creating a User Group 5-5...................................................................5.2.7 Modifying User Group Attributes 5-6....................................................5.2.8 Assigning Operation Right to a User Group 5-6...................................5.2.9 Assigning Operation Right to a User Group 5-7...................................5.2.10 Creating an Operation Set 5-8...........................................................5.2.11 Modifying Operation Set Attributes 5-8..............................................5.2.12 Setting Operations in an Operation Set 5-8.......................................5.2.13 Setting User ACL Right 5-9................................................................5.2.14 Setting System ACL 5-9.....................................................................5.2.15 Realtime Monitoring User Operation Logs 5-9...................................5.2.16 Browsing/Dumping User Operation Logs 5-10.....................................

5.3 User Right Management 5-12........................................................................5.3.1 Preparations 5-12...................................................................................5.3.2 Creating Users 5-12...............................................................................5.3.3 Adding Users to User Groups 5-13........................................................5.3.4 Adjusting User Operation Right 5-13.....................................................5.3.5 Adjusting User Management Right 5-13................................................5.3.6 Configuring ACL 5-13.............................................................................5.3.7 User Log In 5-13....................................................................................

5.4 License Management 5-15.............................................................................5.4.1 Querying License 5-15...........................................................................5.4.2 Upgrading License 5-15.........................................................................

Chapter 6 Environment Monitoring Management 6-1.........................................

6.1 Monitoring Power Parameters 6-1................................................................6.2 Monitoring Environment Parameters 6-3......................................................

6.3 Monitoring Configuration Information 6-4.....................................................6.4 Related Operations 6-5................................................................................

6.4.1 Configuring Synchronizing Period 6-5..................................................6.4.2 Synchronizing Monitoring Unit List 6-6.................................................6.4.3 Synchronizing Environment Monitoring Device 6-7.............................6.4.4 Refreshing Environment Monitoring Unit List 6-7.................................6.4.5 Browsing Legend 6-8...........................................................................

Chapter 7 Database Backup Tool 7-1...................................................................

7.1 Functions 7-1................................................................................................7.1.1 Starting/Exiting a Database Backup Tool 7-1......................................7.1.2 Viewing a Database 7-2.......................................................................7.1.3 Viewing Logs 7-3..................................................................................7.1.4 Configuring a Database Server 7-4......................................................7.1.5 Configuring a Database Set 7-5...........................................................7.1.6 Configuring an Auto Backup Policy 7-6................................................7.1.7 Configuring a Backup Device 7-7.........................................................7.1.8 Manual Backup 7-7..............................................................................7.1.9 Configuring an Auto Backup Task 7-8.................................................7.1.10 Restoring a Database 7-9..................................................................

7.2 Backing Up/Restoring a Database 7-9.........................................................7.2.1 Preparations 7-10...................................................................................7.2.2 Backing Up a Database 7-10.................................................................7.2.3 Restoring a Database 7-11....................................................................

Chapter 8 System Monitor 8-1..............................................................................

8.1 Starting/Exiting a System Monitor 8-1..........................................................8.2 Starting/Closing an NMS Server 8-2............................................................8.3 Querying Processes 8-3...............................................................................8.4 Querying Database Information 8-4.............................................................8.5 Querying System Resource Information 8-4................................................8.6 Querying Disk Information 8-4......................................................................8.7 Querying Component Information 8-5..........................................................8.8 Setting a System Monitor 8-5.......................................................................

Chapter 9 NMS Security Policy 9-1......................................................................

9.1 Overview 9-1................................................................................................9.2 Security of Operating System 9-1.................................................................

9.2.1 Security Policy for UNIX System 9-2....................................................9.2.2 Security Policy for Windows System 9-12..............................................

9.3 Security of NMS Database 9-15.....................................................................9.4 Equipment Access Control 9-15.....................................................................

9.5 Network Security Monitoring 9-16..................................................................

Chapter 10 Routine Maintenance 10-1...................................................................

10.1 NMS Maintenance Suggestions 10-1...........................................................10.2 Daily Maintenance Suggestions 10-2...........................................................

10.2.1 Monitoring Running Environment 10-2.................................................10.2.2 Checking Network Running Status 10-2..............................................10.2.3 Checking Running Status of NMS Processes 10-3..............................10.2.4 Checking Server Performance 10-4.....................................................10.2.5 Checking Running Status of Equipment 10-4......................................10.2.6 Checking Running Status of Boards 10-5............................................10.2.7 Saving Configuration Data of Equipment 10-5.....................................10.2.8 Monitoring and Processing Alarms 10-6..............................................10.2.9 Monitoring User Operations 10-7.........................................................10.2.10 Backing up NMS Database 10-8........................................................10.2.11 Shift Maintenance 10-8......................................................................

10.3 Weekly Maintenance Suggestions 10-9.......................................................10.3.1 Checking Performance Data 10-9........................................................10.3.2 Managing Hard Disk Space of Server 10-10..........................................10.3.3 Managing Database Space 10-10..........................................................10.3.4 Backing up NMS Database 10-11..........................................................10.3.5 Managing User Authority 10-12.............................................................10.3.6 Outputting Weekly Report 10-13............................................................

10.4 Monthly Maintenance Suggestions 10-13......................................................10.4.1 Checking NMS Running Performance 10-13.........................................10.4.2 Checking NMS Workstation Security 10-14...........................................10.4.3 Checking NMS Installation Disk 10-15...................................................10.4.4 Saving or Deleting History Data in NMS Database 10-16......................10.4.5 Exporting or Clearing Data Files 10-16..................................................10.4.6 Checking Hardware, Power Supply and Equipment RoomEnvironment of Workstation 10-17....................................................................10.4.7 Checking SUN Terminal and PC Terminal of NMS 10-18.....................10.4.8 Outputting Monthly Report 10-18...........................................................

10.5 Quarterly Maintenance Suggestions 10-19....................................................10.5.1 Checking NMS by Remote Logon 10-19................................................10.5.2 Communicating Maintenance Experience 10-19...................................10.5.3 Outputting Quarterly Report 10-20.........................................................

10.6 Yearly Maintenance Suggestions 10-20.........................................................10.6.1 Summarizing Yearly Maintenance Experience 10-20............................10.6.2 Outputting Yearly Report 10-20.............................................................

Chapter 11 Remote Maintenance 11-1...................................................................

11.1 Setting Up Remote Maintenance Channels 11-1.........................................11.2 Hardware Requirements and Connection Methods 11-1.............................

11.2.1 PC and PC workstation 11-2................................................................11.2.2 SUN workstation 11-2..........................................................................

11.3 Software Configuration for Communication Connections 11-3.....................11.3.1 PC/Windows2000 as PSTN dial-up access server 11-3......................11.3.2 PC/Windows2000 as PSTN dial-up client 11-3....................................11.3.3 SUN workstation as PSTN dial-up access server 11-4........................

11.4 Remote Maintenance Schemes 11-10...........................................................11.4.1 SUN workstation serves as the dial-up server 11-10.............................11.4.2 PC/Windows2000 serves as the dial-up server 11-11...........................

11.5 Troubleshooting 11-11....................................................................................

Appendix A FAQs A-1............................................................................................

A.1 Workstation A-1............................................................................................A.1.1 How to Start Sun Workstation from CD-ROM (Sun/Solaris) A-1..........A.1.2 Sun Workstation Abnormally Shut Down (Sun/Solaris) A-1.................A.1.3 How to Set IP Address of Sun Workstation (Sun/Solaris) A-1.............A.1.4 How to Change Host Name of Sun Workstation (Sun/Solaris) A-2......A.1.5 Failed to Connect PC to Sun Workstation throughDirect-connect Cable ( Sun/ Solaris) A-2.......................................................A.1.6 Keyboard No Response for Sun Workstation (Sun/Solaris) A-2..........A.1.7 How to Configure Maximum Terminals for Sun Workstation (Sun/ Solaris)? A-2.........................................................................................A.1.8 How to Use CD-ROM Drive (Sun/Solaris) A-2.....................................A.1.9 How to Use Tape Drive (Sun/Solaris) A-3............................................A.1.10 Failed to Log in to the System as a Root User While UsingFTP ( Sun/ Solaris) A-4.................................................................................A.1.11 Can’ t Use Services Such as Telnet After the NMS isInstalled A-4...................................................................................................A.1.12 File Size Changed When FTP is Used to Send Files A-4..................A.1.13 Execution Authority of Files is Lost When FTP is Used toSend Files A-5...............................................................................................

A.2 Database A-5................................................................................................A.2.1 How to Change the Password of "sa" (Sun/Solaris/Sybase)? A-5.......A.2.2 How to Set the sa Password (Windows/SQL Server 2000) A-5...........A.2.3 Sun Workstation Abnormally Shut Down (Sun/Solaris/Sybase) A-6....A.2.4 Unable to Start Sybase(Sun/Solaris/Sybase) A-6................................

A.3 NMS A-6.......................................................................................................A.3.1 No Response from Left Mouse Button A-6..........................................A.3.2 Some NMS Functions Abnormal Due to OS Time Changed A-7.........A.3.3 Alarm Window Display Abnormal Due to Alarm Panel Closed A-7......

A.3.4 Installation Interface No Response (Windows) A-7..............................A.3.5 Shortcut No Response A-8..................................................................A.3.6 Help Window No Response A-8...........................................................A.3.7 Topology Display Abnormal A-8...........................................................A.3.8 Nonstop Alarm Sound A-8...................................................................A.3.9 How to View Text Completely A-9........................................................A.3.10 Abnormality Occurs When Selecting Multiple Records inTable A-9.......................................................................................................A.3.11 Failed to Restore Database A-9.........................................................A.3.12 "Admin" Fails to Log in A-9................................................................A.3.13 Device Name Overlap A-10.................................................................

Appendix B Abbreviations B-1..............................................................................

HUAWEI

HUAWEI iManager N2000 Fixed Network Integrated Management System User Manual

V200R003

HUAWEI iManager N2000 Fixed Network Integrated Management System

User Manual

Manual Version T2-100140-20040430-C-2.30

Product Version V200R003

BOM 31013840

Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. Please feel free to contact our local office or company headquarters.

Huawei Technologies Co., Ltd.

Address: Administration Building, Huawei Technologies Co., Ltd.,

Bantian, Longgang District, Shenzhen, P. R. China

Postal Code: 518129

Website: http://www.huawei.com

Email: [email protected]

Copyright © 2004 Huawei Technologies Co., Ltd.

All Rights Reserved

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks

, HUAWEI, C&C08, EAST8000, HONET, , ViewPoint, INtess, ETS, DMC,

TELLIN, InfoLink, Netkey, Quidway, SYNLOCK, Radium, M900/M1800, TELESIGHT, Quidview, Musa, Airbridge, Tellwin, Inmedia, VRP, DOPRA, iTELLIN, HUAWEI OptiX, C&C08 iNET, NETENGINE, OptiX, iSite, U-SYS, iMUSE, OpenEye, Lansway, SmartAX, infoX, TopEng are trademarks of Huawei Technologies Co., Ltd.

All other trademarks mentioned in this manual are the property of their respective holders.

Notice

The information in this manual is subject to change without notice. Every effort has been made in the preparation of this manual to ensure accuracy of the contents, but all statements, information, and recommendations in this manual do not constitute the warranty of any kind, express or implied.

About This Manual

Release Notes

This manual applies to iManager N2000 Fixed Network Integrated Management System V200R003 (hereinafter referred to as iManager N2000).

Related Manuals

Manual Content

HUAWEI iManager N2000 Fixed Network Integrated Management System Installation Manual

It introduces the installation procedures of iManager 2000, including operating system, database, NMS software and client.

HUAWEI iManager N2000 Fixed Network Integrated Management System User Manual

It introduces the basic operations of iManager N2000, including system description, topology management, fault management, performance management, security management, database backup, and system monitor. Security strategy, daily maintenance and remote maintenance are also described in this manual.

For the operations on network elements (NEs), please refer to the user manuals of the corresponding subsystem.

Organization

The manual introduces basic functions and operations of iManager N2000 and the maintenance guide as well.

Chapter 1 System Description covers function features, architecture of iManager N2000 and introduction to help system.

Chapter 2 Topology Management describes basic concepts, function features of topology management. The procedures of device deployment are illustrated with examples.

Chapter 3 Fault Management describes basic concepts, function features of fault management. The procedures of fault processing are illustrated with examples.

Chapter 4 Performance Management introduces a group of management tools, through which the user can query performance data on different layers such as network layer, device layer and port layer.

Chapter 5 Security Management introduces the user authority management of iManager N2000.

Chapter 6 Environment Monitoring Management presents the integrated environment monitoring function of the iManager N2000 on the devices of the whole network.

Chapter 7 Database Backup Tool introduces the usage of this database backup tool, which provides auto and manual database backup and recover function. It also supports the remote maintenance.

Chapter 8 System Monitor introduces the usage of the system monitoring client and its maintenance functions.

Chapter 9 NMS Security Policy provides security policies from four aspects, such as operating system, database, NM applications and network.

Chapter 10 Routine Maintenance gives suggestions and guides to routine maintenance.

Chapter 11 Remote Maintenance introduces the methods of remote maintenance on the NMS.

Appendix collects the frequent asked questions (FAQs) about the NMS maintenance and the abbreviations used in the manual.

Intended Audience

The manual is intended for the following readers:

Network design & management personnel Network maintenance personnel Engineer for iManager N2000 NMS

Conventions

I. General conventions

Convention Description

Arial Normal paragraphs are in Arial.

Arial Narrow Warnings, Cautions, Notes and Tips are in Arial Narrow.


Boldface Headings are in Boldface.

Courier New Terminal Display is in Courier New.

II. GUI conventions


< > Button names are inside angle brackets. For example, click <OK> button.

[ ] Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window.

/ Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].

III. Keyboard operation

Format Description

<Key> Press the key with the key name inside angle brackets. For example, <Enter>, <Tab>, <Backspace>, or <A>.

<Key1+Key2> Press the keys concurrently. For example, <Ctrl+Alt+A> means the three keys should be pressed concurrently.

<Key1, Key2> Press the keys in turn. For example, <Alt, A> means the two keys should be pressed in turn.

IV. Mouse operation

Action Description

Click Press the left button or right button quickly (left button by default).

Double Click Press the left button twice continuously and quickly.

Drag Press and hold the left button and drag it to a certain position.

V. Symbols

Eye-catching symbols are also used in the manual to highlight the points worthy of special attention during the operation. They are defined as follows:

Caution, Warning, Danger: Means reader be extremely careful during the

operation.

Note, Comment, Tip, Knowhow, Thought: Means a complementary description.

User Manual HUAWEI iManager N2000 Fixed Network Integrated Management System Table of Contents

i

Table of Contents

Chapter 1 System Description ..................................................................................................... 1-1 1.1 Product Introduction........................................................................................................... 1-1 1.2 Architecture........................................................................................................................ 1-2

1.2.1 Software Architecture.............................................................................................. 1-2 1.2.2 Hardware Architecture ............................................................................................ 1-3

1.3 Technical Indices ............................................................................................................... 1-3 1.4 System Interface Standards .............................................................................................. 1-4 1.5 About Help ......................................................................................................................... 1-4

1.5.1 How to Get Help...................................................................................................... 1-4 1.5.2 Content.................................................................................................................... 1-5 1.5.3 Conventions ............................................................................................................ 1-6 1.5.4 How to Use Help ..................................................................................................... 1-6

Chapter 2 Topology Management................................................................................................ 2-1 2.1 Basic Concepts .................................................................................................................. 2-2

2.1.1 Concept Description................................................................................................ 2-2 2.1.2 Icon Description....................................................................................................... 2-4

2.2 Functions ........................................................................................................................... 2-5 2.2.1 Editing the Topological View................................................................................... 2-5 2.2.2 Viewing Topological View ..................................................................................... 2-12 2.2.3 Setting Default SNMP Parameters........................................................................ 2-14 2.2.4 Setting Access Protocol Parameters .................................................................... 2-15 2.2.5 Setting Device Maintenance Information .............................................................. 2-16 2.2.6 Auto Device Discovery .......................................................................................... 2-18

2.3 Deploying Devices ........................................................................................................... 2-19 2.3.1 Preparations .......................................................................................................... 2-19 2.3.2 Adding Submaps................................................................................................... 2-20 2.3.3 Adding Devices to the NMS .................................................................................. 2-20 2.3.4 Add Links............................................................................................................... 2-21 2.3.5 Device Deploying Example ................................................................................... 2-21

Chapter 3 Fault Management ....................................................................................................... 3-1 3.1 Basic Concepts .................................................................................................................. 3-1

3.1.1 Alarm Definition....................................................................................................... 3-1 3.1.2 Term Explanations .................................................................................................. 3-2

3.2 Functions ........................................................................................................................... 3-4 3.2.1 Browsing Alarm ....................................................................................................... 3-4 3.2.2 Alarm Statistics........................................................................................................ 3-6 3.2.3 Setting Local Alarm Attributes................................................................................. 3-7


ii

3.2.4 Setting Automatic Alarm Dumping .......................................................................... 3-7 3.2.5 Setting Automatic Alarm Acknowledgement ........................................................... 3-9 3.2.6 Setting Alarm Synchronization ................................................................................ 3-9 3.2.7 Setting Remote Alarm Notification ........................................................................ 3-10 3.2.8 Setting Alarm Correlation ...................................................................................... 3-11 3.2.9 Locating Alarm/Event ............................................................................................ 3-12 3.2.10 Managing Alarm Maintenance Tips..................................................................... 3-12

3.3 Troubleshooting ............................................................................................................... 3-13 3.3.1 Preparation............................................................................................................ 3-14 3.3.2 Getting Alarm Information ..................................................................................... 3-15 3.3.3 Analyzing Alarm .................................................................................................... 3-16 3.3.4 Eliminating Fault.................................................................................................... 3-16 3.3.5 Acknowledging and Recovering Alarm ................................................................. 3-16 3.3.6 Sharing Alarm Maintenance Tips .......................................................................... 3-17 3.3.7 An Example of Troubleshooting ............................................................................ 3-17

Chapter 4 Performance Management.......................................................................................... 4-1 4.1 Realtime Performance Management................................................................................. 4-2

4.1.1 Adding/deleting Performance Indexes .................................................................... 4-2 4.1.2 Saving Data............................................................................................................. 4-2 4.1.3 Adjusting Refresh Frequency.................................................................................. 4-2

4.2 Task Management ............................................................................................................. 4-3 4.2.1 Viewing Tasks ......................................................................................................... 4-3 4.2.2 Creating Tasks ........................................................................................................ 4-4 4.2.3 Suspending Tasks................................................................................................... 4-7 4.2.4 Resuming Tasks...................................................................................................... 4-7 4.2.5 Deleting Tasks......................................................................................................... 4-7

4.3 Data Management ............................................................................................................. 4-8 4.3.1 Querying Performance Data by Measuring Object ................................................. 4-8 4.3.2 Querying Performance Data by Task.................................................................... 4-10 4.3.3 Setting Data Security Term................................................................................... 4-11

4.4 Data Integrity Management ............................................................................................. 4-12 4.4.1 Querying Data Integrity ......................................................................................... 4-12 4.4.2 Mending Data........................................................................................................ 4-13

4.5 Performance Alarm Threshold Management................................................................... 4-14 4.5.1 Querying Performance Alarm Threshold .............................................................. 4-14 4.5.2 Adding a Performance Alarm Threshold............................................................... 4-15 4.5.3 Modifying a Performance Alarm Threshold........................................................... 4-16 4.5.4 Deleting a Performance Alarm Threshold............................................................. 4-17

4.6 Performance Measurement ............................................................................................. 4-17 4.6.1 Time Distribution Analysis..................................................................................... 4-17 4.6.2 Global Traffic Flow Analysis.................................................................................. 4-18 4.6.3 Call Failure Analysis.............................................................................................. 4-19


iii

4.7 Other Functions ............................................................................................................... 4-20 4.7.1 Changing Graph Settings...................................................................................... 4-20 4.7.2 Saving Measurement Data.................................................................................... 4-21 4.7.3 Printing Measurement Data .................................................................................. 4-22 4.7.4 Deleting Measurement Data ................................................................................. 4-22 4.7.5 Creating a Conditional Expression........................................................................ 4-23

Chapter 5 Security Management.................................................................................................. 5-1 5.1 Basic Conception............................................................................................................... 5-1 5.2 Functions ........................................................................................................................... 5-2

5.2.1 Creating a User ....................................................................................................... 5-2 5.2.2 Modifying User Attributes ........................................................................................ 5-3 5.2.3 Assigning a User to User Groups............................................................................ 5-3 5.2.4 Assigning Operation Right to a User....................................................................... 5-3 5.2.5 Assigning Management Right to a User ................................................................. 5-5 5.2.6 Creating a User Group ............................................................................................ 5-5 5.2.7 Modifying User Group Attributes ............................................................................. 5-6 5.2.8 Assigning Operation Right to a User Group............................................................ 5-6 5.2.9 Assigning Operation Right to a User Group............................................................ 5-7 5.2.10 Creating an Operation Set .................................................................................... 5-8 5.2.11 Modifying Operation Set Attributes ....................................................................... 5-8 5.2.12 Setting Operations in an Operation Set ................................................................ 5-8 5.2.13 Setting User ACL Right ......................................................................................... 5-9 5.2.14 Setting System ACL .............................................................................................. 5-9 5.2.15 Realtime Monitoring User Operation Logs............................................................ 5-9 5.2.16 Browsing/Dumping User Operation Logs............................................................ 5-10

5.3 User Right Management.................................................................................................. 5-12 5.3.1 Preparations .......................................................................................................... 5-12 5.3.2 Creating Users ...................................................................................................... 5-12 5.3.3 Adding Users to User Groups ............................................................................... 5-13 5.3.4 Adjusting User Operation Right............................................................................. 5-13 5.3.5 Adjusting User Management Right ....................................................................... 5-13 5.3.6 Configuring ACL.................................................................................................... 5-13 5.3.7 User Log In............................................................................................................ 5-13

5.4 License Management ...................................................................................................... 5-15 5.4.1 Querying License .................................................................................................. 5-15 5.4.2 Upgrading License ................................................................................................ 5-15

Chapter 6 Environment Monitoring Management ...................................................................... 6-1 6.1 Monitoring Power Parameters ........................................................................................... 6-1 6.2 Monitoring Environment Parameters ................................................................................. 6-3 6.3 Monitoring Configuration Information ................................................................................ 6-4 6.4 Related Operations............................................................................................................ 6-5

6.4.1 Configuring Synchronizing Period........................................................................... 6-5


iv

6.4.2 Synchronizing Monitoring Unit List.......................................................................... 6-6 6.4.3 Synchronizing Environment Monitoring Device ...................................................... 6-7 6.4.4 Refreshing Environment Monitoring Unit List.......................................................... 6-7 6.4.5 Browsing Legend .................................................................................................... 6-8

Chapter 7 Database Backup Tool ................................................................................................ 7-1 7.1 Functions ........................................................................................................................... 7-1

7.1.1 Starting/Exiting a Database Backup Tool ............................................................... 7-1 7.1.2 Viewing a Database ................................................................................................ 7-2 7.1.3 Viewing Logs........................................................................................................... 7-3 7.1.4 Configuring a Database Server............................................................................... 7-4 7.1.5 Configuring a Database Set .................................................................................... 7-5 7.1.6 Configuring an Auto Backup Policy......................................................................... 7-6 7.1.7 Configuring a Backup Device.................................................................................. 7-7 7.1.8 Manual Backup........................................................................................................ 7-7 7.1.9 Configuring an Auto Backup Task........................................................................... 7-8 7.1.10 Restoring a Database ........................................................................................... 7-9

7.2 Backing Up/Restoring a Database..................................................................................... 7-9 7.2.1 Preparations .......................................................................................................... 7-10 7.2.2 Backing Up a Database ........................................................................................ 7-10 7.2.3 Restoring a Database ........................................................................................... 7-11

Chapter 8 System Monitor............................................................................................................ 8-1 8.1 Starting/Exiting a System Monitor...................................................................................... 8-1 8.2 Starting/Closing an NMS Server........................................................................................ 8-2 8.3 Querying Processes .......................................................................................................... 8-3 8.4 Querying Database Information......................................................................................... 8-4 8.5 Querying System Resource Information............................................................................ 8-4 8.6 Querying Disk Information ................................................................................................. 8-4 8.7 Querying Component Information...................................................................................... 8-5 8.8 Setting a System Monitor................................................................................................... 8-5

Chapter 9 NMS Security Policy .................................................................................................... 9-1 9.1 Overview ............................................................................................................................ 9-1 9.2 Security of Operating System............................................................................................ 9-1

9.2.1 Security Policy for UNIX System............................................................................. 9-2 9.2.2 Security Policy for Windows System..................................................................... 9-12

9.3 Security of NMS Database .............................................................................................. 9-15 9.4 Equipment Access Control .............................................................................................. 9-15 9.5 Network Security Monitoring............................................................................................ 9-16

Chapter 10 Routine Maintenance............................................................................................... 10-1 10.1 NMS Maintenance Suggestions .................................................................................... 10-1 10.2 Daily Maintenance Suggestions .................................................................................... 10-2

10.2.1 Monitoring Running Environment........................................................................ 10-2


v

10.2.2 Checking Network Running Status ..................................................................... 10-2 10.2.3 Checking Running Status of NMS Processes..................................................... 10-3 10.2.4 Checking Server Performance............................................................................ 10-4 10.2.5 Checking Running Status of Equipment ............................................................. 10-4 10.2.6 Checking Running Status of Boards ................................................................... 10-5 10.2.7 Saving Configuration Data of Equipment............................................................ 10-5 10.2.8 Monitoring and Processing Alarms ..................................................................... 10-6 10.2.9 Monitoring User Operations ................................................................................ 10-7 10.2.10 Backing up NMS Database............................................................................... 10-8 10.2.11 Shift Maintenance ............................................................................................. 10-8

10.3 Weekly Maintenance Suggestions................................................................................. 10-9 10.3.1 Checking Performance Data ............................................................................... 10-9 10.3.2 Managing Hard Disk Space of Server............................................................... 10-10 10.3.3 Managing Database Space............................................................................... 10-10 10.3.4 Backing up NMS Database ............................................................................... 10-11 10.3.5 Managing User Authority................................................................................... 10-12 10.3.6 Outputting Weekly Report ................................................................................. 10-13

10.4 Monthly Maintenance Suggestions.............................................................................. 10-13 10.4.1 Checking NMS Running Performance .............................................................. 10-13 10.4.2 Checking NMS Workstation Security ................................................................ 10-14 10.4.3 Checking NMS Installation Disk........................................................................ 10-15 10.4.4 Saving or Deleting History Data in NMS Database........................................... 10-16 10.4.5 Exporting or Clearing Data Files ....................................................................... 10-16 10.4.6 Checking Hardware, Power Supply and Equipment Room Environment of Workstation .................................................................................................................. 10-17 10.4.7 Checking SUN Terminal and PC Terminal of NMS .......................................... 10-18 10.4.8 Outputting Monthly Report ................................................................................ 10-18

10.5 Quarterly Maintenance Suggestions ........................................................................... 10-19 10.5.1 Checking NMS by Remote Logon..................................................................... 10-19 10.5.2 Communicating Maintenance Experience ........................................................ 10-19 10.5.3 Outputting Quarterly Report .............................................................................. 10-20

10.6 Yearly Maintenance Suggestions ................................................................................ 10-20 10.6.1 Summarizing Yearly Maintenance Experience ................................................. 10-20 10.6.2 Outputting Yearly Report................................................................................... 10-20

Chapter 11 Remote Maintenance............................................................................................... 11-1 11.1 Setting Up Remote Maintenance Channels .................................................................. 11-1 11.2 Hardware Requirements and Connection Methods....................................................... 11-1

11.2.1 PC and PC workstation ....................................................................................... 11-2 11.2.2 SUN workstation ................................................................................................. 11-2

11.3 Software Configuration for Communication Connections.............................................. 11-3 11.3.1 PC/Windows2000 as PSTN dial-up access server ............................................. 11-3 11.3.2 PC/Windows2000 as PSTN dial-up client........................................................... 11-3


vi

11.3.3 SUN workstation as PSTN dial-up access server............................................... 11-4 11.4 Remote Maintenance Schemes................................................................................... 11-10

11.4.1 SUN workstation serves as the dial-up server .................................................. 11-10 11.4.2 PC/Windows2000 serves as the dial-up server ................................................ 11-11

11.5 Troubleshooting ........................................................................................................... 11-11

Appendix A FAQs..........................................................................................................................A-1 A.1 Workstation........................................................................................................................A-1

A.1.1 How to Start Sun Workstation from CD-ROM (Sun/Solaris)...................................A-1 A.1.2 Sun Workstation Abnormally Shut Down (Sun/Solaris)..........................................A-1 A.1.3 How to Set IP Address of Sun Workstation (Sun/Solaris) ......................................A-1 A.1.4 How to Change Host Name of Sun Workstation (Sun/Solaris) ..............................A-2 A.1.5 Failed to Connect PC to Sun Workstation through Direct-connect Cable (Sun/Solaris)..........................................................................................................................................A-2 A.1.6 Keyboard No Response for Sun Workstation (Sun/Solaris)...................................A-2 A.1.7 How to Configure Maximum Terminals for Sun Workstation (Sun/Solaris)?..........A-2 A.1.8 How to Use CD-ROM Drive (Sun/Solaris) ..............................................................A-2 A.1.9 How to Use Tape Drive (Sun/Solaris).....................................................................A-3 A.1.10 Failed to Log in to the System as a Root User While Using FTP (Sun/Solaris)...A-4 A.1.11 Can’t Use Services Such as Telnet After the NMS is Installed ............................A-4 A.1.12 File Size Changed When FTP is Used to Send Files...........................................A-4 A.1.13 Execution Authority of Files is Lost When FTP is Used to Send Files .................A-5

A.2 Database ...........................................................................................................................A-5 A.2.1 How to Change the Password of "sa" (Sun/Solaris/Sybase)?................................A-5 A.2.2 How to Set the sa Password (Windows/SQL Server 2000) ...................................A-5 A.2.3 Sun Workstation Abnormally Shut Down (Sun/Solaris/Sybase).............................A-6 A.2.4 Unable to Start Sybase(Sun/Solaris/Sybase).........................................................A-6

A.3 NMS...................................................................................................................................A-6 A.3.1 No Response from Left Mouse Button ...................................................................A-6 A.3.2 Some NMS Functions Abnormal Due to OS Time Changed..................................A-7 A.3.3 Alarm Window Display Abnormal Due to Alarm Panel Closed...............................A-7 A.3.4 Installation Interface No Response (Windows).......................................................A-7 A.3.5 Shortcut No Response............................................................................................A-8 A.3.6 Help Window No Response....................................................................................A-8 A.3.7 Topology Display Abnormal....................................................................................A-8 A.3.8 Nonstop Alarm Sound.............................................................................................A-8 A.3.9 How to View Text Completely.................................................................................A-9 A.3.10 Abnormality Occurs When Selecting Multiple Records in Table ..........................A-9 A.3.11 Failed to Restore Database..................................................................................A-9 A.3.12 "Admin" Fails to Log in..........................................................................................A-9 A.3.13 Device Name Overlap.........................................................................................A-10

Appendix B Abbreviations ...........................................................................................................B-1

User Manual HUAWEI iManager N2000 Fixed Network Integrated Management System Chapter 1 System Description

1-1

Chapter 1 System Description

1.1 Product Introduction

The iManager N2000 Fixed Network Integrated Management System (called iManager N2000 in this manual) maintains and manages the fixed-network devices in a unified manner.

Residing at the management layer of network solutions, the iManager N2000 manages Network Elements (NEs) and networks.

The iManager N2000 provides different network management solutions:

Broadband Network Management System (BMS) U-SYS Management System (UMS) of the Next Generation Network (NGN).

The iManager N2000 is developed on the unified network management (NM) platform of Huawei.

It employs the mature and widely-used client/server architecture. Therefore, it supports multiple clients and can manage large and complex networks.

With a multi-process design mechanism, the iManager N2000 can be flexibly extended to meet different requirements.

The iManager N2000 provides a concise and consistent management mode. It provides unified device panel and operation interfaces for the function supported.

The functions are shown below.

Topology management Fault management Performance management Security & log management.

Considering the user habits, the iManager N2000 puts the distributed devices together in a unified visual style. In this way, the operators can easily monitor, operate and manage the devices on the network.

The iManager N2000 BMS is designed to manage the broadband devices and services. It manages the broadband access devices and Asynchronous Transfer Mode (ATM) backbone convergence devices. They are:

MA510X MA5200 MA530X


1-2

MD5500 Radium 8750/BAS HONET (Home Optical Network)

The iManager N2000 UMS manages NGN components. They are:

Trunk Media Gateway (TMG) Access Media Gateway (AMG) Signaling Gateway (SG) Media Resource Server (MRS) Integrated Access Device (IAD) Universal Media Gateway (UMG) iGateway Bill (iGWB) Integrated Access Device Management System (IADMS).

The iManager N2000 also manages NGN services. It provisions IAD, AMG and UMG services and manages the users. It also manages the NGN resources, including device resources and service resources.

The Data Management System (DMS) is developed on the same NM platform. It is designed to manage data communications devices, such as routers, switches and access servers. It can manage both devices and networks.

The iManager N2000 BMS, UMS and UMS can manage all devices of Huawei on the fixed network.

1.2 Architecture

1.2.1 Software Architecture

Figure 1-1 shows the software architecture of the iManager N2000.

Figure 1-1 Software architecture of the iManager N2000


1-3

The design of the iManager N2000 is object-oriented. The iManager N2000 has a multi-process and modular structure. It supports distributed system management and has high scalability.

The iManager N2000 schedules and monitors the real-time stauts of the NE daemon process in a unified way. The daemon processes transfer messages through one message distribution center (MDC). In this way, the NE daemons become highly independent. One NM application can initiate multiple real-time tasks, which can be quickly switched.

The iManager N2000 provides NM components for different devices. You can choose the components that you want, so the iManager N2000 is highly scalable. You can easily add new components, device types and functions to it.

1.2.2 Hardware Architecture

The iManager N2000 consists of one system server and multiple clients. The system server communicates with the clients through a Local Area Network (LAN) or Wide Area Network (WAN).

Figure 1-2 shows the hardware architecture of the iManager N2000.

DCN

System server/database serverClient

ClientClient

To NEsManaged devices

Figure 1-2 Hardware architecture of the iManager N2000

The NMS server runs on Solaris or Windows 2000 Server platform. The NMS server can be SUN workstation or a PC.

You can install client and server software on the same PC, instead of a workstation, and install SQL Server as database. In this way, you are provided with a cost-effective NM solution.

You can do the following through this PC:


1-4

browse through the navigation tree do some basic configurations receive and query alarms monitor the device performance in real time.

1.3 Technical Indices 1) The iManager N2000 supports up to 6,000 equivalent nodes. 2) The iManager N2000 supports 50 clients at the same time. 3) The current alarm table can store up to 100,000 alarm records. The maximum

number of records in the history alarm and event alarm tables can by the user. Once the tables are full, the data is to be dumped.

4) The time delay to display the alarms that is received at the fault management module at the client is less than 8 seconds.

5) The log database contains three months’ log. In refreshing of the displayed log information, the latency time does not exceed 3 seconds.

6) The iManager N2000 supports up to 255 users. 7) The iManager N2000 deals with up to 100 alarm records per second. The alarm

buffer can store up to 100,000 alarm records.

1.4 System Interface Standards Downstream SNMP V1/V2/V3 interfaces: management interfaces of the NMS to

the broadband devices. Downstream Man Machine Language (MML) interfaces: management interfaces

of the NMS to the narrowband devices. Downstream SYSLOG interface: Some devices report the operation information

through the SYSLOG interface. Downstream File Transfer Protocol/Trivial File Transfer Protocol (FTP/TFTP)

interfaces: standard FTP/TFTP interfaces used to load and backup device versions.

Downstream Telnet interface: command line interface of the NMS to the broadband device.

Upstream SNMP (V1/V2/V3) interfaces: interfaces of the NMS to the upper NMS and other NMSs.

1.5 About Help

1.5.1 How to Get Help

To start the iManager N2000 help, do one of these.

Start the iManager N2000 client, and then select [Help/Topic].


1-5

Start the iManager N2000 client, click on any area of the client, and then press <F1>. The context-sensitive Help appears.

To browse the Help while the client is not started, do one of these.

On the Solaris operating system (OS), right click on the Common Desktop Environment (CDE), and then select [Applications/iManager N2000/N2000 Online Manual].

On Windows OS, select [Start/Program/iManager N2000/N2000 Online Manual].

The help window is as shown in Figure 1-3.

Figure 1-3 Help browser

1.5.2 Content

The Help covers these major topics:

Product Brief Introduction: It introduces the orientation, function features, and typical applications of the iManager N2000.

N2000 Quick Start: It introduces the client interface, customized settings, and usage of the iManager N2000.

Deploy Devices: It introduces how to deploy devices in the iManager N2000 and how to manage the devices through the topology.


1-6

Device Troubleshooting: It introduces how to do troubleshooting through the iManager N2000. For example, it tells you how to collect alarms, locate and eliminate faults, and summarize alarm processing experiences.

User Right Management: It introduces how to manage user rights to ensure the reliability and security of the iManager N2000.

View Device Running Performance: It introduces how to query, collect and analyze the real-time performance data of devices. It helps you identify the performance bottleneck and provides reference for optimizing the network status.

Backup/Restore Database: It introduces how to back up and restore the NMS database.

NE Management: It tells how to manage the devices and finish the service configuration.

Service Management: It presents how to provision and maintain services. Device Resource Management: It introduces how to measure and query network

device resources and logical resources. Routine Maintenance: It introduces the contents, methods and references of the

routine maintenance. This helps you effectively maintain devices and ensure the reliability of the iManager N2000.

FAQ: It describes common problems and solutions to them. Basic Operation List: It lists all basic operations. Through the basic operation list,

you can know the operations quickly. Terms and Abbreviations: It lists the relevant terms and abbreviations.

1.5.3 Conventions

The conventions in the help system include:

Pop-up: It is blue. Clicking it displays a window giving an explanation of the blue word.

Hyperlink: It is underlined and blue. Clicking it leads you to the linked page. The relationship between interface and Help.

—If the active dialog box or tab has a basic, independent function, press <F1>. The related help page is shown. For example, open the "Auto Discovery" dialog box, and then click <F1>. The "Set Device" page is shown.

—If the active dialog box can implement many functions, click <F1>. The default help page is shown. For example, in the topological view, press <F1>. The "Topology Management" page is shown. On the page, the links of all topology management operations are listed.


1-7

1.5.4 How to Use Help

I. How to find a topic

In the "Help" window, do one of the following:

To search for a topic from the topic list, select [View/Topic] or click the "Help Topics" tab. On the navigation tree, click the desired topic.

To search for a topic from the index list, select [View/Index] or click the "Index" tab. On the tab, enter the keyword, and then press <Enter>.

The related help appears in the right pane.

II. How to print a topic

1) In the right pane of the "Help" window, click the topic you want to print.

2) On the "Help" title bar, click . 3) In the dialog box that appears, set the parameters, and then <OK>.

III. How to set the Help window

1) Hide or show directories To hide the directories in the left pane of the help window, click on the boundary

between the left and right panes. The right pane occupies the entire help window. Click on the left boundary to restore.

To make the directories in the left pane occupy the entire help window, click on the boundary between the left and right panes. Click on the right boundary to restore.

2) Set the window size To resize the left and right panes, move the pointer to the boundary. When the

pointer becomes a double-headed arrow, drag it to the left or the right. To resize the "Help" window proportionately, move the pointer to the corner of the

"Help" window. When the pointer becomes a double-headed arrow, drag it to resize the window.

To change the height or width of the "Help" window, move the pointer to the top, bottom, left, or right boundary of the window. When the pointer becomes a double-headed arrow, drag it to resize the window.

User Manual HUAWEI iManager N2000 Fixed Network Integrated Management System

Chapter 1 Topology Management

1-1


Topology management enables you to construct and manage the topology structure of the network. You can keep track of the operation status of the entire network by browsing topological views of the network.

In topology management, you can upload topological data of network devices through topology auto discovery or by manually adding topology nodes. You can also add, delete, modify, and query topological devices. According to different management requirements of users, topology management provides such functions as non-hierarchically zooming, setting background, and auto layout. In this way, you can manage networks and devices easily.

Topology management can poll network devices and refresh their status regularly, thus making the network view display consistent with the actual network topology. In addition, topology management can monitor polling status and alarm status of network devices through color changes of the topological nodes.

Figure 1–1 shows the main window for topology management.

Figure 1–1 Main topological view



1-2

2.1 Basic Concepts The topology is a map of the managed telecommunications network in the NMS. It displays managed devices and links on the user interface using graphs and trees. Through the topology, users can perform such operations as configuration, alarm and performance.

The topological objects that can be managed include nodes, submaps and links.

2.1.1 Concept Description

I. Submap

In the NMS, a large network can be divided into several smaller networks by region or something else to facilitate network management. In the topology, these smaller networks are known as submaps.

II. Node

A node refers to a managed device that is mapped into the topology. For a single-frame device, a node represents the device. For a multiple-frame device, a node usually represents a frame in the device. Therefore, in the topology, a node and a device do not mean exactly the same.

III. Link

A link refers to a connection between devices that is mapped into the topology. In the topological view, the displaying of links follows these rules:

If there is any connection relation between two objects in the same submap, a link is drawn between the icons of the two objects. Double click the link, and you can query the detailed attributes, including the link name, link type and link status.

If there is any connection relation between two objects in two submaps, a shortcut icon is drawn at the lower right corner of each icon.

If there is any connection relation between the lower submaps or nodes in two submaps, a link is drawn between the two objects (two submaps).

IV. View

In the NMS, different views can be used to display the topology, depending on the angle of observing network or the service range concerned. As examples, a physical view divides network topology structure based on regions or any other rules; an IP view divides a network into several smaller networks based on the IP network segment.

Accordingly, the topology structure is organized in this way:



1-3

Each view corresponds to a device explorer and is concerned about different service points. Each device explorer includes several submaps, which show the network composition in the view. Each submap includes several nodes, as shown in Figure 1–2.

Figure 1–2 View

V. Role

Switches in a cluster can play different roles based on the locations and functions. A cluster is a manageable network that comprises of multiple interconnected switches. It is assigned with a single IP address. All switches in the cluster must support Huawei Group Management Protocol V2 (HGMP V2). With the cluster management, the user can manage a group of switches without assigning an IP address to each member switch.

In the NMS, depending on different service angles, device nodes of the same type can be defined as different roles to implement different operation and configuration modes. For example, a Quidview device node, which is not defined in the physical view, may be defined as a command switch or member switch in the Virtual Local Area Network (VLAN) view.

The switches in a cluster can play the following roles.

Command switch

The switch is assigned with a public network IP address and provides the main management interfaces for the overall cluster. A management command is first sent to the command switch for processing. If it finds that the command is destined to a certain member switch, it will redirect the command to the member switch.



1-4

Member switch

The switch is a member of a cluster, which is not assigned with a public network IP address in normal situations. It only receives the management commands redirected from the command switch.

Candidate switch

The switch does not join any cluster, but has the cluster capability and can become a member of a cluster.

Independent switch

The switch can be discovered in the process of gathering cluster topology information, but has no cluster capability and cannot become a cluster member.

VI. Filter

Filter is a special topological node. It can contain members. Currently, the filter often represents a multi-frame device. The multiple nodes under the filter represent the frames of the device.

VII. Polling status and alarm status

Polling status: The NMS queries the status and other configuration data of devices regularly, and displays the queried status information in the topological view.

The possible polling statuses include:

Normal, unknown, offline, insignificant, minor, major fault, critical, loopback, and test.

Alarm status: The device reports trap information to the NMS. Then the trap information is displayed in the topological view.

The possible alarm statuses include:

Critical, major, minor, and warning.

2.1.2 Icon Description

Corresponding to the concepts provided in the previous section, the topological view uses different icons to indicate submap, node, link, view objects and their statuses, and role.

For a node, a submap, or a link, the color of its icon shows its polling status. The status at the upper left corner of the icon shows its alarm status, lock status (locked or unlocked), and its role.

Figure 1–3 shows a node which is locked, offline and is experiencing a critical alarm.

Figure 1–3 Node



1-5

Below list the legends of the status icons.

I. Polling status color legend

Normal

Unknown

Offline

Insignificant Fault

Minor Fault

Major Fault

Critical Fault

Loopback

Test

II. Alarm icon

Critical

Major

Minor

Warning

III. Lock icon

indicates that the object is locked.

IV. Shortcut icon

indicates a cross-submap link.

V. Filter icon

indicates a filter.

2.2 Functions

2.2.1 Editing the Topological View

I. Adding/deleting a submap

1) Select [Edit/Add Object] to display the "Add Object" dialog box. 2) On the “Object Type” pane, select the submap type to be added, and enter the

related parameters, as shown in Figure 1–4.



1-6

Figure 1–4 Adding submaps

3) Then click <Add>.

If the operation succeeds, the status bar prompts the success. If the operation fails, a dialog box shows the failure.

4) In the topological view or on the device explorer, select the submap to be deleted. Click [Edit/Delete From This Submap] or press <Delete>, and then confirm the operation.

The selected submap is then deleted.

II. Adding/deleting a device

1) Select [Edit/Add Object] to display the "Add Object" dialog box. 2) On the “Object Type” pane, select the device type to be added, and enter the

related parameters, as shown in Figure 1–5.



1-7

Figure 1–5 Adding devices



4) In the topological view or on the device explorer, select the device to be deleted. Select [Edit/Delete From This Submap] or [Edit/Delete From All Submaps] or press <Delete>, and then confirm the operation.

The selected device is then deleted.

Note:

If there are several copies of the specified device, all of them are deleted after you select a copy and then [Edit/ Delete From All Submaps].

If you select [Edit/Delete From This Submap] or press <Delete>, only the selected copy is deleted.



1-8

III. Adding/deleting a link

1) Select [Edit/Add Object] to display the "Add Object" dialog box. You can also select two objects in the topological view, right click and select [Create Link] to pop up the “Add Object” dialog box.

2) On the “Object Type” panel, select the link type to be added, enter the related parameters, as shown in Figure 1–6.

Figure 1–6 Adding links



4) In the topological view, select the link to be deleted, and then select [Edit/Object Attributes]. In the “Object Attributes” dialog box that appears, click the “Link” tab to display the link attribute list.

5) Select one or more records in the link attribute list, right click, and then select [Delete].




1-9

IV. Editing object attributes

1) In the topological view, select the desired object, and then select [Edit/Object Attributes]. The “Object Attributes” dialog box then appears, as shown in Figure 1–7.

Figure 1–7 Object attributes

2) On this interface, batch modify the attributes of the objects such as links, nodes, submaps, and so on.

V. Searching for objects

1) Select [Edit/Search], or press <Ctrl+F>, or click on the toolbar. Then the

“Search” dialog box appears, as shown in Figure 1–8.



1-10

Figure 1–8 Searching for objects

2) In this dialog box, specify the searching conditions, including: Find Type: the object type to search for, such as device, board or port. Find Mode: the searching mode, such as device name, IP or physical address. Find What: the keyword to search for. Match whole word only: whether to use the default fuzzy search.

3) Click <Search> to perform the operation. All the matching records will appear in the "Find Result" list.

4) Select the record you want to locate in the "Find Result" list, and double click to locate the corresponding record in the topological view or on the panel.

5) Click <Close> to cancel the operation and close the "Search" dialog box.

VI. Refreshing a topological view

Select [Edit/Refresh View], or press <F9>, or click on the toolbar. Then the current

topological view is refreshed.

VII. Refreshing a device status

This operation is to refresh the polling status of the specified device node.

1) On the device explorer, select the device node you want to refresh. 2) Select [Edit/Refresh Status].



1-11

If the operation succeeds, the status prompts the success. The status of the device node is refreshed on the device explorer and in the topological view. If the operation fails, a dialog box shows the failure.

VIII. Setting a start view

Select [Edit/Set as Home View], then the current view is set as a start view. It will be displayed when you log in to the NMS next time.

The start view is locally saved and is applied to the local terminal.

IX. Saving an icon position

Select [Edit/Save Position], or click on the toolbar. Then the current icon position

is saved.

If the icon position is not saved after being changed, the icon position remains unchanged after the view is refreshed or after you log in again.

X. Copying/cutting/pasting an object

With this function, you can copy or move the selected device node/submap from one submap to another.

1) On the topological view, switch to the original submap where the object locates. 2) Select [Edit/Copy] or [Edit/Cut] to copy or move the selected object to the

Clipboard. 3) Select the target view, and then select [Edit/Paste] to paste the object from the

Clipboard.

Caution:

If you select the cut/paste operation, the selected object is copied to the target view and deleted from the source view.

Neither the copy/paste operation nor the cut/paste operation can be performed across multiple views.

No recursive copy operation can be performed. For example, you are not allowed to copy submap A to a view under A.

Multiple objects can be copied and pasted at one time. To select multiple objects, press and hold <Shift> and then select the desired objects.



1-12

2.2.2 Viewing a Topological View

I. Zooming a topological view

1) Select [View/Zoom In] or click on the toolbar to zoom in the current view to

1.2 times of its original size.

2) Select [View/Zoom Out] or click on the toolbar to zoom out the current view

to the 1.2 times of its original size.

3) Select [View/Zoom In Partially] or click on the toolbar. Press and hold the

left mouse button and select an area in the view. When you release the left mouse button, the selected area is displayed on the full screen.

4) Select [View/Fit Window] or click on the toolbar to display the whole view on

the full screen.

5) Select [View/Restore] or click on the toolbar to display the view at its original

size.

II. Browsing topological view

1) In the topological view, double click the icon of the submap you want to enter.

Then the submap is switched to, and its topological structure is displayed.

2) Select [View/UP] or click on the toolbar, or press <F6>.

Then the parent view of the current submap is switched to, and the topological structure of the parent view is displayed.

III. Printing topological view

1) Select [View/Print Preview]. 2) In the “Preview” dialog box that appears, click <Previous> or <Next> to browse

the topological view page by page. 3) Select [View/Print]. 4) In the “Print” dialog box that appears, select a printer, specify printing range,

copies and other desired parameters, and then click <OK>. Then the current topological view is printed.

IV. Auto layout

1) Select [View/Layout Manager] or press <Ctrl+Y> to display the “Layout Manager” dialog box.



1-13

2) In the topological view, select the nodes you want to lay out, and then switch to the desired layout mode to lay them out.

3) Select [View/Auto Layout] to lay out the nodes selected on the interface in the default mode.

Note:

We recommend that the objects with obvious star or tree connection be laid out in star or tree mode; those with obvious closed loop be laid out in loop or round mode; those with complicated connection be laid out in dispersal or uniform length mode; and those with simple connection be laid out in uniform length mode or loop mode.

You can select some nodes on the interface and try different layout modes to get the best effect.

V. Showing filter and legend

1) Select [View/Filter&Legend], or click on the toolbar, or press [Ctrl+F2]. Then

the “Filter/Legend” panel appears on the right side of the topological view. 2) Select the “Legend” panel to view the legend of the graphics in the topological

view. Select the “Filter” panel to filter the objects displayed in the topological view by category.

VI. Showing an aerial view

If the size of the topological view is larger than 1024*768 pixels, only part of it can be displayed in the topology window. In this case, you can display the entire topological view and locate the displayed area in the aerial view.

1) Select [View/Aerial View], or click on the toolbar, or press<Ctrl+F3>.

Then the “Aerial View” window appears in the right part of the topological view. The rectangle area is the visible range of the current topological view.

2) Click in the "Aerial View" window or press and hold the left mouse button and drag the rectangular area in the window.

Then the display area of the current view is changed.

3) Click [View/Aerial View] again.

Then the "Aerial View" window is closed.

VII. Showing view navigation tree

Select [View/Network Explorer], or click on the toolbar, or press <Ctrl+F4>.

Then the view navigation on the “Device Explorer” panel is displayed.



1-14

VIII. Showing topology on full screen

Select [View/Full Screen Mode].

Then the topological window occupies the full screen, and the toolbar and system menus are hidden. After the window is closed, the interface shows its actual status again.

IX. Setting icon size

1) Select [View/Icon Size Setting/Small]. Then the size of the currently displayed icons becomes 16*16 pixels.

2) Select [View/ Icon Size Setting/Medium]. Then the size of the currently displayed icons becomes 32*32 pixels.

3) Select [View/Icon Size Setting/Large]. Then the size of the currently displayed icons becomes 64*64 pixels.

2.2.3 Setting Default SNMP Parameters

In manual creating of the SNMP device or in device auto discovery, the system uses the default SNMP parameter profile to adapt to the specified device. This can determine the SNMP parameters supported by the device.

This operation allows you to modify, add, or delete a default SNMP parameter profile of the system.

1) Select [Edit/Default SNMP Configuration].

Then the “Default SNMP Configuration” dialog box appears, as shown in Figure 1–9. It lists all of the SNMP parameter profiles in the system.



1-15

Figure 1–9 Setting default SNMP parameters

2) Click the desired SNMP parameter type tab. It includes the SNMP V1 parameter type, SNMP V2 parameter type and SNMP V3 parameter type.

3) Configure the SNMP parameter profile of the selected type: To add a parameter profile, click <Add>. A configuration area appears in the

lower part of the dialog box. Enter the parameters and then click <OK>. The parameter profile then appears in the profile list.

To modify a parameter profile, double click the desired profile in the profile list. Then a configuration area appears in the lower part of the dialog box. Modify the parameters, and then click <Apply> to confirm the operation. The profile list is also refreshed.

To delete a parameter profile, select the desired profile in the profile list, and then click <Delete>. In the confirmation dialog box that appears, confirm the operation. Then the selected profile is deleted.

4) After the configuration, click <Close> to close the dialog box.

2.2.4 Setting Access Protocol Parameters

With this function, you can modify or test the access protocol parameters of the specified device at the NMS side.

1) On the device explorer, click to select a device node or a submap.



1-16

2) Select [Edit/Device Access Protocol] to display the “Device Access Protocol” dialog box, as shown in Figure 1–10. The configuration list displays the SNMP parameter/MML parameter configuration of the selected device. The “Detailed Information” text box in the lower part of the dialog box displays the details of the record selected in the list.

Figure 1–10 Setting device access protocol

3) Click <Display> or double click the selected record in the SNMP/MML parameter configuration list. Then the details of the record appear in the lower part of the dialog box.

Modify the desired parameters. Click <Test> to test whether the parameters are properly configured. A prompt

box pops up showing the operation results. Click <Apply> to confirm the operation.

If the operation succeeds, the status bar prompts the success. If the operation fails, a dialog box prompts the failure.

4) Click <Close> to complete the configuration and close the "Device Access Protocol" dialog box.



1-17

2.2.5 Setting Device Maintenance Information

With this function, you can add, delete and modify the device maintenance profiles.

1) Select [Edit/Device Maintenance Info].

Then the “Device Maintenance Info” dialog box appears, as shown in Figure 1–11. It lists all the device maintenance information.

Figure 1–11 Setting device maintenance information

2) To add the device maintenance, click <Add>. Then a parameter configuration area appears in the lower part of the dialog box.

3) Set the following parameters: [Supporter]: The name of the maintainer. It is mandatory. [Department]: The name of the company in which the maintainer works. [Phone]: The phone number of the maintainer. [Email]: The E-mail address of the maintainer. It should be in standard form, such

as [email protected].

After the setting, click <OK>. Then the maintenance information appears in the information list.

4) To modify the device maintenance, double click the maintenance you want to modify in the information list. Then a parameter configuration area appears in the lower part of the dialog box.

5) Modify the desired parameters and then click <Apply> to confirm the operation and refresh the information list.



1-18

6) To delete the device maintenance, select the maintenance you want to delete from the information list, and then click <Delete>. In the confirmation dialog box that appears, confirm the operation.

7) Click <Close> to close from the "Device Maintenance Info" dialog box.

2.2.6 Auto Device Discovery

With this function, the NMS can search the specified IP network segment and device type automatically. It can further add the device to the topological view.

1) Select [Edit/Auto Discovery] to display the “Auto Discovery” dialog box. The dialog box is as shown in Figure 1–12.

Figure 1–12 Setting auto discovery

2) Select the desired auto discovery mode from the "Protocol" drop-down list. It is the "IP and SNMP" mode by default.

3) Select the desired device type from the "Device Type" drop-down list. It is "All Devices" by default.

4) Enter "PING Times", which is 1 by default. This parameter specifies the PING retries for the specified IP network segment.



1-19

The PING retries should be no more than 5 so that the operation will not last for too long.

5) Enter “Timeout(s)”. This parameter specifies a time limit of the ping operation.

When the time is up, the operation will be stopped. The range is 5–15 seconds. It depends on the complexity of the network.

6) Enter "Layers", which is 0 by default.

This parameter refers to how many subnet layers the system will search to discover the router in an IP segment. The subnet layer should be no more than 5 so that the operation will not last for too long.

7) Click the "Physical Path" input box, and move the mouse pointer onto the "Device Explorer" tab or in the topological view. Click the target submap in which the desired device resides.

The path of the target submap then appears in the "Physical Path" input box.

8) In the "IP Address Range" frame, click <Add> to add a new IP address range record.

This record should specify the start IP address, end IP address, and subnet mask of the IP segment that the system needs to search.

9) Click <Delete> to delete the IP address range. 10) Click <Filter> to set the filtered IP address.

For example, the IP address range is set as 10.11.242.86~10.11.242.90, and the filtered IP address is set as 10.11.242.87. Then the IP address will not be automatically discovered.

11) Click <Discover All> and <Discover None> to set whether to discover in the default IP address range.

12) Click <Default SNMP Parameter> to pop up the "Default SNMP Parameter" dialog box. Select the SNMP parameter profile that is used to adapt to the device you want to search for. By default, all default SNMP parameter parameters are used.

13) Click <Start> to confirm the operation.

Note:

For the time being, the auto device discovery function is only applicable to the devices that use the SNMP.



1-20

2.3 Deploying Devices Reasonable device deployment in the NMS can make the communication network more visual and improve the operability of the NMS.

Generally, deploying device should experience four phases: Preparations–>Creating a Submap–>Adding a Device to the NMS–>Creating a Link.

2.3.1 Preparations

Deploying a device is to deploy communication devices in the network in the topological view. Before deploying a device in the topological view, you should plan the topological submaps reasonably. If there are too many devices in a very large network, it is very difficult to locate and manage a device in one topological view.

You can classify the topological view into topological submaps by:

Geographical region, that is, the region where the communication device is located.

Device type, that is, the type of the communication device. IP network segment, that is, the IP address of the communication device. Manager of the device.

Note:

Up to 300 devices can be added to each submap. If there are too many devices in a submap, the interface of the NMS will be much crowded and the devices will be overlapped. This will make locating devices inconvenient.

Submaps should be arranged in 5 layers at most. If they are arranged in too many layers, it will cause much trouble to operate on the NMS.

2.3.2 Adding a Submap

There is a very large and complex communication network. To ease the management and operation, you can divide it into several subnets based on the geographical region, type or IP network segment of devices. Each subnet is mapped to a submap in the topology.

Adding a submap helps you to manage the communication network easily.

Each subnet can correspond to a submap.

2.3.3 Adding a Device to the NMS

After planning the communication network and creating a submap, you should add a device to the NMS.



1-21

Take the two steps below to add a device to the NMS:

I. Configuring NMS and device data

Before adding a device to the NMS, configure SNMP parameters at the NMS side and NMS workstation parameters at the device side. Get Community/Set Community must be exactly the same at both sides. In order to improve the security of the system, do not use the default community names.

You should configure the following data in the NMS:

1) The network management protocol and parameters supported by the managed devices.

If the SNMP is used to manage the devices, you should configure the default SNMP parameters of the NMS. See “Set Default SNMP Parameters”.

2) According to the different device types, the following data should be configured at the device side:

Network management protocol and parameters supported by the managed devices.

ACLs of the devices. Trap center. Other parameters.

For different devices, different parameters need be configured at the NMS and device sides in different ways. For details, refer to the user manuals of the respective network management subsystems.

II. Adding a device

There are two methods to add a device to the NMS.

Add devices manually

First specify the type, IP address, name, submap, network management protocol and parameters of the device you want to add. Then add the device to the NMS.

Auto device discovery

First specify the IP network segment you want to search, automatically discover the desired device within the network segment. Then add it to the NMS. The auto discovery mode applies only to the devices that support the SNMP. See “Auto Device Discovery”.

After adding a device to the NMS, you can copy/cut and paste the device to move it among different submaps to modify the layout of the topological view.

2.3.4 Add Links

After adding a device to the NMS, you can add the physical links between devices in the NMS. If a logical connection exists between two submaps, between a submap and



1-22

a device, or between two devices, you can add the corresponding virtual link to the NMS.

2.3.5 Device Deploying Example

Below shows the device deployment.

Office A: MA5100 Office B: MA5100 and MA5200 Office C: MA5200 and NE16 NMC (Network Management Center): Radium 8750 and NE80 Links: MA5100->Radium 8750, MA5200->Radium 8750, NE16-> NE80

iManager N2000 Server

Office A

MA5100

Office B

MA5100

Office C

MA5200

211.124.8.2/24211.124.8.1/24

10.11.25.1/24

10.11.25.4/24

10.11.25.5/24

NMC Room

Client 2

Client 3Client 1

Radium 8750

NE16

201.224.5.2/24212.12.8.1/24212.12.8.2/24

MA5200

10.11.25.6/24

HUB

10.11.25.3/2410.11.25.2/24

NE80

DCNDCN

Figure 1–13 NMS networking example

The procedures for deploying devices are as follows:

1) Divide the managed communication network into four regions: "Office A", "Office B", "Office C", and "NMC Room".

2) Create four submaps in the physical topology: "Office A", "Office B", "Office C", and "NMC Room".

3) Name devices after their IP addresses. 4) Create MA5100 211.124.8.1 in the "Office A", MA5100 211.124.8.2 and MA5200

212.12.8.1 in the "Office B", MA5200 211.12.8.2 and NE16 201.124.5.2 in the "Office C", and Radium8750 10.11.25.2 and NE80 10.11.25.3 in the "NMC Room".

5) Create links between 211.124.8.1–10.11.25.2, 211.124.8.2–10.11.25.2, 212.12.8.1–10.11.25.2, 212.12.8.2–10.11.25.2, and 201.224.5.2–10.11.25.3.


Chapter 3 Fault Management

3-1


Fault management is used to process the device alarms and the alarms of NMS itself. The management functions include querying the alarm history and operation information of devices, and querying and configuring device alarm information. The main window for fault management is shown in Figure 3-1.

Figure 3-1 The main window for fault management

3.1 Basic Concepts

3.1.1 Alarm Definition

Alarm (event) information may come from various device modules or service boards. Alarms can be classified into operation information, fault alarm and recovery alarm by alarm type. Fault alarms and recovery alarms correspond to each other one by one. Alarms (events) can be classified into four levels in the descending order of severity: critical, major, minor, and warning.

After an alarm is generated, the system broadcasts it to the terminals according to the condition of the configured terminals, mainly to the NMS users and Command Line



3-2

Interface (CLI) users. Whether an alarm will be reported the terminals are specified in alarm control.

I. Alarm ID

An alarm ID consists of four bytes, indicating a unique alarm. Each alarm ID corresponds to an alarm. Generally, alarm IDs are allocated according to alarm type and alarm module type.

II. Alarm level

Alarm (event) level is used to identify the severity of an alarm. Alarms can be classified into four levels in the descending order of severity: critical, major, minor, and warning.

A critical alarm refers to a global alarm that endangers the normal operation of the device and needs to be handled, like power failure, output clock failure, and so on.

A major alarm refers to a board or line failure within the limited range. The user services will be abnormal if the user does not handle it in time. Examples of such alarm include fiber cut, fault in physical line, and so on.

A minor alarm refers to an ordinary fault alarm or event alarm that shows the board or line abnormality, like the bit error on a physical line.

A warning refers to a status change or event that does not affect the system performance and user services but interests the operator. A warning may also be a message that prompts the recovery from a device abnormality.

III. Alarm category

By function, alarms can be classified into power alarm, environment alarm, trunk alarm, hardware alarm, software alarm, operation alarm, communications alarm, service quality alarm, and error processing alarm.

3.1.2 Term Explanations

I. Real-time alarm

Real-time alarms refer to the alarms that are reported after the real-time alarm browser is started. The real-time alarm browser can automatically scroll down to display the latest alarms on the screen.



3-3

II. Current alarm

Current alarms refer to the unacknowledged&unrecovered alarms, unacknowledged&recovered alarms and acknowledged&unrecovered alarms. A current alarm requires human intervention.

III. Historical alarm

Historical alarms refer to the acknowledged&recovered alarms. A historical alarm does not require human intervention.

IV. Real-time event

Real-time events refer to the events that are reported after the real-time event browser is started. The real-time event browser can automatically scroll down to display the latest events on the screen.

V. Alarm acknowledgement

By the alarm acknowledgement status, the user can easily identify which alarms have been handled and which alarms have not. Then the user can take different measures to handle the alarms in two different statuses. The system supports manual and automatic alarm acknowledgement.

VI. Alarm status transition

In case of a device fault, the device sends an alarm to the NMS. The NMS receives the reported alarms in real time. For the time being, the NMS supports the alarms and events reported in form of MML and SNMP Trap. The latest alarms received by the NMS are unacknowledged&unrecovered. After the fault is eliminated, the alarm is acknowledged manually or automatically. When the NMS receives a recovery alarms, the alarm becomes recovered. The acknowledged&recovered alarm becomes a historical alarm and is not handled as a current alarm. Current alarms include all unacknowledged and/or unrecovered alarms, and they can be handled in a centralized manner.

The alarm status transition model is shown in Figure 3-2.



3-4

Network Element

Unacked but Unrecovered Alarm

Unacked but Recovered Alarm

Acked but Unrecovered Alarm

Historicial Alarm

Recover RecoverAcknowledge

AcknowledgeReport

Figure 3-2 Alarm status transition model

3.2 Functions

3.2.1 Browsing Alarm

To facilitate browsing and querying alarms, the system provides alarm profile. The alarm profile helps you to:

Get the concerned alarm information in time. Identify critical alarms from a large number of alarms so as to perform efficient

network management. Divide alarms into several manageable groups based on your filtering conditions.

Through the fault browser, you can open these windows easily: “Realtime Alarm Browse”, “Current Alarm Browse”, "Realtime Event Browse”, “Event Browse”, and “Alarm History Browse”. Taking the real-time alarm browsing as an example, this section explains how to browse and query alarms.

1) Select [Fault/Fault Browser] to open the main interface of the fault browser. The fault browser appears in the left part of the main interface, and the "Realtime Alarm Browse" window appears in the right part, as shown in Figure 3-3.



3-5

Figure 3-3 Browsing real-time alarms

2) In the opened “Alarm Filtering Condition Setting Panel”: Enable the "Select Resource" switch, and then click <Select Resource>. In the "Select Resource" dialog box that appears, select the desired device, and

then click <OK> to add it to the "Select Devices" list. Enable the "Severity" switch, and then select the desired alarm severity. Enable the "Function Class" switch, and then select the desired alarm function

category. Select the desired alarm fields in the "Displayed Column" list box. Click <OK> to validate the filtering conditions immediately and turn the "Alarm

Filtering Condition Setting Panel" into a filtering condition character string 3) Click <Save> to update the currently selected real-time alarm browsing profile.

If the default profile is selected, the "Save as" dialog box will appear for you to save the alarm filtering conditions as a new profile.

Enable the "Automatic Scroll Down" at the bottom left corner of the "Realtime Alarm Browse" window.

If a new alarm is reported to the "UnAck" or "Ack" list, the list will automatically scroll to the bottom to show the latest alarms.

4) Select one or multiple alarms in the "UnAck" list, right click, and then: Select [Ack Alarm]. Then the selected unacknowledged&unrecovered alarms will

be moved from the "UnAck" list to the "Ack" list, and the selected unacknowledged&recovered alarms will be deleted from the "UnAck" list.



3-6

Select [Clear Alarm]. Then the selected acknowledged&unrecovered alarms will get unacknowledged&recovered. Recovered alarms cannot be manually recovered. Select [Detailed] to display the "Detailed Information" window.

Select [Locating to] to locate the topological node that experiences an alarm 5) Select one or multiple alarms in the "Ack" list, right click, and then select [Ack

Alarm], [Recovery], [Locating to], or [Detailed]. 6) To avoid reconfiguring the alarm filtering conditions, you can open the alarm

browsing window from the real-time alarm browsing profile you have defined.

3.2.2 Alarm Statistics

This operation lists the alarm data in two dimensions according to the specified conditions, helping you analyze the device operation status. Alarm statistics involves: setting alarm statistics conditions, showing statistics results, and saving and printing statistics results. The alarm statistics conditions include: alarm object, function class, alarm level, alarm time range, and alarm. The main interface of the "Alarm Statistics" window consists of three parts: statistics condition setting panel, statistics result list, and status bar.

1) Select [Fault/Fault Browser] to start the fault browser. 2) In the fault browser, double click the "Alarm Statistics" node to expand the profile

node for alarm statistics. 3) Double click the "by Month&Severity" profile node. The "Alarm Statistics" window

then appears. 4) In the "Statistics Condition Setting Panel", the statistics conditions are month and

alarm severity. Click <Stat.> to measure all alarms by month and alarm severity. Reconfigure the query conditions. The condition settings here are the same as those for "Create Alarm Statistics Profile".

5) Click <Stat.> to validate the statistics conditions immediately and turn the "Create Alarm Statistics Profile" into a statistics condition character string.

6) Click <Save> to update the current alarm statistics profile with the current statistics conditions.

Note:

If no control is available for changing statistics conditions, you can click the triangle button at the upper left corner of the fault display window to display the controls. Changing statistics conditions does not result in an updated profile.

The system provides a default profile for alarm statistics by month&severity.



3-7

3.2.3 Setting Local Alarm Attributes

Using this function, you can set real-time printing, alarm panel, and audio/visual alarm, facilitating you in getting the reported alarms from the NMS in time.

1) Select [Fault/Fault Setting/Local Property]. Then the "Local Property" dialog box appears, as shown in Figure 3-4.

Figure 3-4 Setting local properties

2) Click the “Realtime Printing Setting” tab, the "Alarm Panel Setting” tab, and the “Audio&Visual Setting” tab to set the local properties.

Realtime Printing Setting: Select the “Enable Realtime Printing” check box. Select the “Severity” check box, and then select the alarm severity. Select the “Function Class” check box, and then select the function class. Select the columns you want to print.

Alarm Panel Setting: Select the display mode of the alarm panel and that of the alarm indicator.

Audio&Visual Setting: Set alarm display color and alarm sound. 3) Click <OK> to save your settings and close the “Local Property” dialog box.

3.2.4 Setting Automatic Alarm Dumping

Automatic dumping is used to dump alarm history data to files regularly, during which the dumped alarm history data will be deleted. This operation improves the efficiency



3-8

and stability of the system. Using this function, you can set the attribute of automatic dumping.

1) Select [Fault/Fault Setting/Dump&Sync&Ack] to display the "Dump&Sync&Ack" dialog box.

2) Select the "Others" tab, as shown in Figure 3-5.

Figure 3-5 Setting automatic alarm dumping

3) To enable the automatic alarm dumping, select "Enable Alarm Auto Dumping". 4) In the tab, enter the conditions and period for automatic acknowledgement. 5) Click <OK> to save your settings and close the "Dump&Sync&Ack" dialog box.

Note:

"Alarm Generated x Days ago" means that alarms generated x days ago will be automatically dumped. For example, if x=90, only the alarms generated 90 days ago (with regard to the time when automatic dumping is performed) will be automatically dumped.

"Auto Dump Intervals x days" indicates the period for the automatic dumping. If it is set to 5 days, the system will perform automatic dumping once every five days.

Only historical alarms can be automatically dumped while the current alarms cannot. By default, the automatic dumping starts at 1:00 AM.



3-9

3.2.5 Setting Automatic Alarm Acknowledgement

Using this function, you can set the conditions for automatic alarm acknowledgement.

1) Select [Fault/Fault Setting/Dump&Sync&Ack] to display the "Dump&Sync&Ack" dialog box.

2) Select the "Others" tab. 3) Select the "Enable Auto Ack" check box. 4) Enter the conditions on the panel. 5) Click <OK> or <Apply> to save your settings.

Note:

"Alarm Generated x days ago": The alarms generated x days ago will be automatically acknowledged. For example, if x=3, then the alarms generated 3 days ago (with regard to the time when the alarm is automatically acknowledged) will be automatically acknowledged.

"Auto Ack Interval" indicates the period for the automatic acknowledgement. If it is set to 5 days, the system will perform automatic acknowledgement once every five days.

The unrecovered alarms will also be automatically acknowledged. By default, the automatic acknowledgement operation starts at 0:00.

3.2.6 Setting Alarm Synchronization

When the failure of the communication between the NMS and a device recovers or when the NMS is restarted, you should synchronize the alarm information to make the alarm information consistent. Because the synchronization operation greatly affects the system performance, it is provided only for alarms but not for events.

1) Select [Fault/Fault Setting/Dump&Sync&Ack] to pop up the "Dump&Sync&Ack" dialog box.

2) In the device tree in the left part of the window, select a device node. 3) If you want to synchronize alarms when the NMS is restarted, select

"Auto-synchronizing when the system starts". 4) If you want to synchronize alarms when the failure of the communication

between the NMS and a device recovers, select "Auto-synchronizing when the communication recovers".

5) Click <OK> or <Apply> to save your settings.



3-10

Note:

You can set alarm synchronization for multiple devices at one time, but your settings will not work until you click <OK> or <Apply>.

3.2.7 Setting Remote Alarm Notification

This operation can be used to set the attribute of alarm transferring to e-mail. With this function, when the system is faulty and the maintainer is absent, the NMS can notify the operation status of the system to the maintainer.

1) Select [Fault/Fault Setting/Remote Notification] to display the "Remote Notification" dialog box.

2) In the dialog box, click <Add> to display the "Add" dialog box, enter the profile name, and then click <OK> to add the profile name in the "Profile Name" tree.

3) Select the desired function class, alarm resource, and severity. 4) Enter an e-mail address. 5) Set the time length for the notification delay to prevent the NMS from still sending

a reported alarm after the corresponding recovery alarm is received. 6) Click <Advanced> to set the Simple Mail Transfer Process (SMTP) Server and

the sending address. 7) Click <OK> to save your settings and close the “Remote Notify” dialog box.

Note:

The alarm notification e-mail messages provide the number and details of critical alarms, the number and details of major alarms, the number of major alarms, and the number of warnings.

To set Domain Name Server (DNS) under Solaris operating system: a) Add “nis” and/or “dns” to the “hosts” of “/etc/nsswitch.conf”, with the content being: hosts: files dns b) Set the gateway of the DNS in “/etc/defaultrouter”, with the content being: 10.11.43.254 c) Set the IP address of the DNS in /etc/resolv.conf, with the content being: nameserver 10.15.1.3 nameserver 129.9.111.100 domain huawei.com



3-11

3.2.8 Setting Alarm Correlation

I. Setting Root-Cause Regulations

Root-cause correlation analysis is to analyze device alarms comprehensively and efficiently by using the regulation-based correlation analysis technique. This reduces network storm and enables the maintainers to locate fault quickly. This operation allows you to add or delete alarm correlation analysis regulations.

1) Select [Fault/Fault Setting/Alarm&Event Correlation] to pop up the "Alarm&Event Correlation" dialog box.

2) Select the "Root-cause Regulations" tab. 3) Click <...> next to "Source Alarm or Event Name" to pop up the "Select Alarms"

dialog box. 4) Select an alarm and click <OK>. 5) Select an alarm in the "Related Alarm or Event Name" in a way similar to Steps 3

and 4. 6) Select an action from the "Action" drop-down list. 7) Select the relationship between the source alarm and the target alarm from the

"Relation" drop-down list. 8) Click <Add>. 9) Click <OK> to save your settings and close the "Alarm&Event Correlation" dialog

box.

II. Repeated Event Definition

No event can be recovered. Even though the cause for an event has disappeared, status of the event remains unchanged. Therefore, the same event may be due to different causes. For the events with the same product type, event ID and locating information that are reported within a period, you should not discard them directly (repeated alarms are so handled). You should handle them according to your settings.


2) Click the "Repeated Event Definition" tab. Select the desired device type on the “Device Type” tree, and select the desired

event from the “Event Name” list. Enter a period in the "Report Interval" input box.

3) Click to select “Enable Correlation Analyzing”. 4) Click <OK> or <Apply> to save your setting.



3-12

III. Set Flash Alarm

When the interval between the first recovery of an alarm and the second recovery of the alarm is very short, this alarm is defined as a flash alarm. For the flash alarm, the system only receives the first report, and the subsequent reports will be masked.

This operation allows you to set flash interval for alarms. If the interval between the previous alarm recovery and the current alarm recovery is less than the set interval, the system will mask the alarm and does not handle it.


2) Click the "Flash Alarm" tab. Select the desired device type on the “Device Type” tree, and select the desired

alarm from the “Alarm Name” list. Enter a flash interval in the “Flash Interval” edit box.

3) Click to select “Enable Correlation Analyzing”. 4) Click <OK> or <Apply> to save your setting.

3.2.9 Locating Alarm/Event

Using this function, you can locate the object that experiences the specified alarm or event. This operation can be performed in all alarm/event browsing/querying windows.

1) Open an alarm/event browsing/querying window, select an alarm or event, right click, and then select [Locating to].

2) The alarm/event object then is located, with a white frame surrounding it.

Note:

The display focus can be located to not only the topological node level but also a specific object (board, port, and so on) on the panel.

If no alarm/event object is found, the alarm/event locating operation will be stopped.

3.2.10 Managing Alarm Maintenance Tips

Using this function, you can record your experience in handling alarms for future reference.

1) Select [Fault/Fault Setting/Maintenance Tips] to display the "Maintenance Tips" dialog box, as shown in Figure 3-6.



3-13

Figure 3-6 Maintenance tips

2) Select a device type in the device type tree in the left part of the dialog box, and then the corresponding alarms appear in the table in the right part.

3) Select an alarm in the table. 4) In the "please input your maintenance tips" column, type your experience in

handling alarms. 5) Click <OK> or <Apply> to save your maintenance tips.

Note:

You can sort the alarm table based on a column by double clicking the corresponding column heading.

The input column provides automatic and forced line wrap functions. When a line is too long, a new line will be used.

3.3 Troubleshooting

An alarm will be reported when a device or line fault occurs. The alarm information helps you to find the alarm cause and locate the fault. After that, you can take corresponding measures to eliminate the fault.



3-14

Please follow these steps to process a device fault: Preparation->Getting Alarm Information->Analyzing Alarm->Eliminating Fault->Acknowledging and Recovering Alarm->Sharing Alarm Maintenance Tips.

3.3.1 Preparation

To facilitate processing device faults and getting alarm information, you should make these operations:

I. Setting alarm attributes

Except the attribute "remote notification", Default values are provided for the attributes except “remote notification”. You can use the default settings or change them as required.

Setting alarm panel: Setting the display mode of the alarm panel and alarm indicators.

Setting alarm real-time printing: Setting the print conditions, and printing the reported alarms in teal time. The printer should be connected to the computer.

Setting alarm transferring to e-mail: Setting the e-mail address to notify alarms to the remote user.

Besides, the system supports the sending of visual and audio alarms by the alarm box. You need equip alarm box produced by Huawei.

II. Creating profile

For the convenience of alarm browsing, querying and statistics, the system provides the function of customizing profile. Alarm profile enables different users to attend to the alarms concerned, makes it easier to set alarm query and statistics conditions, and makes the handling of device faults more efficient.

III. Setting alarm correlations

If a fault occurs, several correlative alarms may be reported together as well as the alarms caused by the fault itself. The setting of alarm correlations makes the alarm reporting more efficient and the fault locating easier. The correlation setting mainly involves:

Set Root-Cause regulations Define repeated event Set flash alarm Enable correlation analysis Redefine alarm severity



3-15

3.3.2 Getting Alarm Information

To get alarm information in time is important for fault locating. There are various means to get alarm information.

I. Alarm panel

Through alarm panel, you can monitor the alarms of the whole network. According to the statistics conditions (by severity or by status), the alarm panel shows the information such as the numbers of acknowledged alarms and unacknowledged alarms of different severities.

II. Topology

The status icon on the upper left of the topological object indicates the alarm status of the object. Different icons indicate different severities. In the topological view, select a topological object with alarm status icon, right click to select [Browse Alarm] to open the alarm browser.

III. Alarm browser

Using the alarm browser, you can view the reported alarms in real time. Multiple query functions are also provided. You can select alarm profiles and set querying conditions to filter alarms. The major query functions include:

Browse real-time alarm Browse real-time event Query current alarm

We recommend that the profile-based query be preferred.

IV. Alarm box

You can get alarm notifications through alarm box. The alarm indicators and the alarm sound will show the alarm information. The system provides the operations such as stopping alarm box sound and turning off alarm box indicator.

V. Sound box

The speaker connected with the system will notify you of the alarm information. The system provides the operations such as setting alarm sound and stopping current alarm sound.

VI. Alarm transferring to e-mail

With the remote alarm notification function, the NMS can send alarms to the remote users in e-mail.



3-16

VII. Printer

You can print the alarm information in real time for permanent backup.

3.3.3 Analyzing Alarm

The system provides functions such as filtering repeated alarms, analyzing alarm correlations, and so on to make the obtained alarm information as valid as possible. Multiple and various valid alarms might be available. You should find out the real alarm causes according to the alarm-related information, including time, device status, and so on.

The alarm causes might be very complicated. The alarm causes in the alarm details window are only prompts. You should analyze, deduct and verify the real alarm causes according to the prompted alarm causes and the actual situation. You can analyze alarms from these aspects:

1) Through alarm details and related experiences 2) The system supports not only to jump from a topological node to the

corresponding alarm window, but also to locate the faulty topological node or port based on the alarm information.

Besides, the system provides port searching function. You can quickly locate the faulty port by inputting the string for port description.

3.3.4 Eliminating Fault

After finding out the real alarm causes, you can take corresponding measures to eliminate the fault.

You can locate the faulty device according to the location information provided in the alarm details window, and then eliminate the device fault according to the recovery suggestions provided and the alarm maintenance tips.

The fault recovery suggestions are general resolutions. Maintenance tips are the summary of the experience in troubleshooting. The same type of alarms may be due to different causes and require different resolutions. You should refer to the fault recovery suggestions to properly accumulate and update alarm maintenance tips.

Besides, after eliminating the fault, we suggest that you summarize the experience immediately.

3.3.5 Acknowledging and Recovering Alarm

If a fault has been cleared, you should acknowledge the relevant alarm to extract valid alarm information.



3-17

The system provides the functions of manual alarm acknowledging and automatic alarm acknowledging. The automatic alarm acknowledging is performed periodically.

After recovering from a fault, the device will report a recovery alarm. The fault system might not receive the recovery alarm due to some reason. The fault information will still exist. In this case, you should recover the alarm manually.

After the alarm is acknowledged and recovered, detailed information will be recorded including the acknowledgement user, alarm time and acknowledgement time. The corresponding alarm indicator on the alarm panel will turn green.

Moreover, after a certain period, the alarm panel and alarm box will automatically stop their alarm sound, and the alarm box will turn off the corresponding alarm indicator. Alternatively, you can manually stop them immediately The specific operations include:

Stop current alarm sound Stop alarm box sound Turn off alarm box indicator

3.3.6 Sharing Alarm Maintenance Tips

You should accumulate and record your experience in troubleshooting, particularly after getting new solution to eliminate a new alarm. The alarm maintenance tips are very helpful for you to handle similar faults in the future.

You can view, add and update the alarm maintenance tips:

In Alarm "Detailed Information" dialog box, click <Tips> to enter "Maintenance Tips" dialog box.

Enter the "Maintenance Tips" dialog box through menu operation.

3.3.7 An Example of Troubleshooting

1) Preparations: Set alarm display mode as "Alarm panel pops up when a new alarm arrives", set

alarm indicator as "Alarm panel flashes when uncleared alarm exists". Create a "Major Alarm" profile to detect all major device alarms timely. Enable correlation analysis, and set the flash interval as 150 seconds.

2) When the alarm panel pops up and the major alarm indicator flashes, double click the indicator to pop up the current alarm querying window. Then the queried alarm information is displayed in the right part of the window.

3) Select an alarm record and double click it. The "Detailed Information" dialog box then appears showing the following information:

Device Name: Office A MA5100_1 Device Type: MA5100



3-18

Alarm Name: LAN opposite end does not support self-negotiation. Severity: Major Function Class: Event Status: UnAck&UnClear Generated Time: 2002-09-27 10:57:02 Locating Info: Frame=0 Slot=1 Port=5

According to alarm name and alarm processing experiences, you may find the probable causes:

LAN local end supports self-negotiation, while the opposite end does not support. Then find the port and check the port mode according to the device name and Location Information.

4) Take the following measures: Set the same port mode for the local end and opposite end of LAN.

5) Summarize and record the alarm processing experience, and then acknowledge and recover the alarm manually.


Chapter 4 Performance Management

4-1


Performance management supports collecting, browsing and measuring performance data of all managed devices in an integrated manner. With this function, you can get to know the basis information and performance status of the current network, which can help you to prevent network failures and plan the network reasonably.

For the explanation of the concepts involved in the performance management, see Table 4-1.

Table 4-1 Explanation of the basic concepts involved in the performance management

Concept Explanation

Measuring Object

A measuring object is a managed object on which the performance data is collected, such as a device, board, port, logical port and PVC. Each measuring object has a unique identification within the network.

Performance Metrics

A parameter measuring the running performance of a system (NE, NMS or network). It can be obtained through arithmetic of one or more Managed Information Base (MIB) objects. For example, ADSL line downstream noise margin is obtained by calculating X1 and X2 MIB objects through Y1 and Y2 operations. Each performance metrics has one unique ID.

Performance Profile

A performance profile combines several performance indexes so that it applies to one type of NEs, such as ADSL port performance collection profile of the MA5100 and ADSL performance collection profile. Each performance profile has a unique ID.

Measuring Entity

A parameter of the data that must be collected during the measurement, like traffic, calling times and average seizure duration. It can be considered as a measuring variable.

Measuring Unit

A type of specific measurements, such as the incoming office traffic measurement, outgoing office traffic measurement, internal traffic measurement. It can be described with such elements as the entity, object, time and output ranging, and provides answers to such questions as what, when, how to measure, and when to output the measuring results.

Task A group of descriptions of a specified traffic measurement operation, involving multiple respects, like description of the statistic object features (specifying calls specified in the statistic range), that of the statistic time, output entities and output time.

Traffic Measurement Report

A report describing the measurement result of one type of traffic, as well as measuring object, measuring entity value, measuring cycle and start date and end date of the measurement, providing a basis for the whole network performance measurement, planning and running management.



4-2

4.1 Realtime Performance Management Realtime performance management provides the function of browsing realtime performance data of the objects. You can browse the realtime performance data as well as save the data.

4.1.1 Adding/deleting Performance Indexes

This operation enables you to add or delete performance indexes of an object.

1) Select [Performance/Add/Delete Performance Index] to display the “Add/Delete Performance Index” dialog box.

2) In the “Optional Indexes” drop-down list, select a profile. 3) Select one or more indexes (selecting multiple indexes while pressing <Shift> or

<Ctrl>), click to add the specified indexes to the selected list. You can click

to add all available indexes to the selected list.

4) Click <OK> to save the modification.

4.1.2 Saving Data

While browsing the view containing the realtime performance data, you can save the data to a file of another format for further processing and for future use. You can save the current view as an HTML file (.html) containing pictures. You can also save the data that you are viewing as an Excel file (.txt) or Text file (.txt).

Perform the following operations to save the data.

1) Select [Performance/Save as] to display the file saving dialog box. 2) In the dialog box, select the file type the data is to be saved as: .html, .csv or .txt. 3) Select the directory the file is to be saved and enter the file name. 4) Click <Save>.

Note:

The default file name provided by the system consists of the object browsed and time.

4.1.3 Adjusting Refresh Frequency

When browsing the performance data in real time, you can select one refresh frequency from highest, higher, normal, lower or lowest. After a frequency is selected, the client will refresh the interface display according to the refresh frequency.

1) Select [Performance/Frequency].



4-3

2) Select one refresh frequency from the following options: Highest, Higher, Normal, Lower or Lowest. By default, “Highest” is selected.

Note:

Highest frequency sampling means that each time the data is reported by the device, it is displayed. Higher frequency sampling means that one of two data reported by the device is displayed. For normal, lower and lowest frequency sampling, one of three, one of four and one of five data are displayed respectively.

The realtime performance management function is only supported by the broadband devices. You can display the realtime performance measurement window through the right-click menu of the modules of the NM subsystems.

4.2 Task Management The task management module supports creating and managing collection tasks. Creating a collection task is the prerequisite to performance data measurement. The collection task can collect data according to the time interval set by the collection period.

After a task is created, you can perform the following operations:

data management time distribution analysis global traffic flow measurement call failure measurement data mending

The task management module can modify, suspend, resume and delete the existing tasks, and view detailed information of the selected device tasks.

4.2.1 Viewing Tasks

This operation enables you to view the information about all existing tasks, as well as the detailed information about one task. You can perform the operation only when the tasks are available on the “Task Management” window.

1) Select [Performance&Stat/Task Management] to display the “Task Management” window.

2) On the upper part of the window, select the device type which you want to view tasks from the "Device Type" drop-down list. The tasks meeting the conditions are displayed on the window, as shown in Figure 4-1.



4-4

Figure 4-1 Task management window

3) Select a task to be viewed, right click it and then select [View Task], or double click the task to display the “Task Details” dialog box showing the detailed information of the task.

4) Click the headings of the tasks to sort the tasks.

After the operation, the detailed information of the task is shown in the “Task Details” dialog box: Task Name, Device Task Id, Device Name, Measuring Unit, Objects, Output Port, Time Range (Start Date, End Date and Polling Period) and Collection Time.

4.2.2 Creating Tasks

This operation enables you to create tasks according to the selected device type, device name, measuring unit and measuring object. You can also specify a validity period and a data collection period for a task. For the broadband devices, you can select multiple devices for one task, and before creating a task, you can test it.

I. Operation procedure

1) Select [Performance&Stat/Task Management] from the main menu to display the "Task Management" window.

2) On the upper part of the window, select a device type from the "Device Type" drop-down list and a device name from the "Device Name" drop-down list. If there are tasks meeting the conditions, they will be displayed on the lower part of the window.



4-5

3) Right click and then select [Create Task] to display the "Create Task" dialog box as shown in Figure 4-2.

Figure 4-2 Creating task dialog box

4) The default task name is displayed in the "Task Name" text box. You can change it to the desired task name.

5) Select the desired device from the "Device Name" list box. 6) Select the desired measuring unit from the "Measuring Unit" drop-down list. 7) Select the desired output port from the "Output Port" list box. “NMS Port” is

recommended. 8) Select a polling period from the "Polling Period" drop-down list. It should be longer

than five minutes. 9) Click <...> next to the "Start Time" and "End Time" boxes to specify a valid time

segment. Note that the end time should not be earlier than the start time and the start time should not be earlier than the current time.

10) Click <Advanced>. In the "Advanced" dialog box that appears, select a collection period: daily, weekly, or monthly, and then click <OK>.

11) In the "Measuring Object" frame, unfold the "Root" and then select the desired check boxes. Then the measuring objects are grouped based on the object type displayed in the "Root". Select at least one measuring object.

12) Click <OK> and then view the newly added task in the task list.

II. Parameter specification

[Device Type]: All device types supported by the performance module.

[Device Name]: After a device type is selected, all devices of the type are displayed in the "Device Name" drop-down list.



4-6

[Task Name]: Name of the task.

[Measuring Unit]: After a device is selected, all measuring units supported by the device are displayed in the "Measuring Unit" list.

[Output Port]: It can be "Statistic Port" or "NMS Port". When the "Statistics Port" is selected, the system transmits analysis data to the Background Administration Module (BAM). When the "NMS Port" is selected, the system transmits the collected performance analysis data to the Network Management Port. By default, the "NMS Port" is selected.

[Objects]: A measuring object supported by the selected device and measuring unit.

[Start Data]: Start time of the task.

[End Date]: End time of the task.

[Polling Period]: The polling period for data collection. The options include: 1 minute, 5 minutes, 15 minutes, 30 minutes, 1 hour, and 1 day.

[Set Time]: The time segment for data collection within each day. A maximum of 3 time segments can be specified, which can be of the same or different duration but should not be repeated.

[Polling Period]: The options include: daily, weekly, and monthly.

If "Daily" is selected in the "Advanced" dialog box, performance data will be collected at the time segments set in step 9 within the polling period set in step 8.

If "Weekly" is selected in the "Advanced" dialog box, you need to specify the days for data collection within each week. If you select "Tuesday" and "Saturday", performance data will be collected at the time segments set in step 9 within the polling period set in step 8.

If "Monthly" is selected in the "Advanced" dialog box, you need to specify the days for data collection within each month. If you select the 1st, 10th and 20th days for data collection within each month, performance data will be collected at the time segments set in step 9 within the polling period set in step 8.

Note:

A maximum of 3 time segments can be selected for the data collection within a day, for example, 10:00~12:00, 14:00~16:00 and 18:00~22:00.

For the broadband devices, multiple devices can be selected for one task. Note that the devices should be devices of one device type and one version.



4-7

4.2.3 Suspending Tasks

This operation enables you to suspend one or more collection tasks in running status at one time. Once a task is suspended, it can be modified, resumed or deleted.


2) On the upper part of the window, select the device types of the tasks you want to suspend from the "Device Type" drop-down list.

3) On the upper part of the window, select the device names of the tasks you want to suspend from the "Device Name" drop-down list.

4) The tasks meeting the conditions will be displayed on the lower part of the window. 5) Select the tasks you want to suspend, right click it and then select [Suspend Task]. 6) In the confirmation dialog box that appears, click <Yes> to confirm the operation or

<No> to abort the operation.

If the operation succeeds, the selected tasks change to the "Suspended" status, and the indicators in front of them turn red.

If the operation fails, the system prompts that the selected tasks fail to be suspended. If the operation partially succeeds, the system prompts that not all of the selected tasks are suspended successfully. Click <Details>to view the detailed operation results.

4.2.4 Resuming Tasks

This operation enables you to resume suspended collection tasks. One or more collection tasks can be resumed at one time.


2) In the "Device Type" list on the upper part of the window, select the device type of the task to be resumed.

3) Tasks meeting the conditions are displayed on the lower part of the window. 4) Select the task to be resumed from the task list, right click it and then select

[Resume Task]. 5) In the confirmation dialog box, click <Yes> to resume the tasks or click <No> to

abort the operation.

4.2.5 Deleting Tasks

This operation enables you to delete one or more collection tasks at one time.


2) On the upper part of the window, select the device type of the task to be deleted in the "Device Type" list.



4-8

3) On the upper part of the window, select the device name of the task to be deleted in the "Device Name" list.

4) Tasks meeting the conditions are displayed on the lower part of the window. 5) Select one or more tasks to be deleted. Right click and then select [Delete Task], a

dialog box will be shown for you to confirm the operation. 6) In the dialog box, click <Yes> to proceed to the operation or click <No> to abort the

operation.

Note:

Only the tasks in "Suspended", "Not Started" or "Terminated" status can be deleted.

4.3 Data Management Original performance data is collected from different Network Elements according to the tasks created. Data management module performs overall management on the original performance data. By setting different parameters in the query pane, you can query the original performance data by measuring object and task.

Data management includes querying performance data by measuring objects, querying performance data by task and setting data security term.

4.3.1 Querying Performance Data by Measuring Object

This operation enables you to query the collected original data according to the set conditions. You can select device type, device name, measuring unit, measuring object, measuring entity and conditional expression to query the original performance data within the specified period.


1) Select [Performance&Stat/Performance Data Management] or click on the

toolbar to display the "Data Management" window as shown in Figure 4-3.



4-9

Figure 4-3 Querying performance data by measuring objects

2) Select "Query by Measuring Object" in the "Query Type" area. 3) Select the device type for data query from the "Device Type" drop-down list. 4) Select the device name for data query from the "Device Name" drop-down list. 5) Select the measuring unit for data query from the "Measuring Unit" drop-down list. 6) In the "Time Range" area, click <...> next to the "Start Time" and "End Time" edit

boxes to specify the time range for the data to be queried. 7) Click <Measuring Object>, and then select measuring objects in the dialog box

that appears, finally click <OK> to confirm the operation and close the dialog box.

Table 4-2 Function of the buttons

Click… To…

add one or more measuring objects at one time.

add all measuring objects.

remove one or more selected objects.

Remove all selected objects.

8) Click <Measuring Entity> to display the "Create Conditional Expression" dialog box. In the dialog box, configure the conditional expression for querying and then click <OK>.

9) In the “Data Management” dialog box, click <Query> or <Apply>.



4-10


[Device Type]: A device type supported by the data management module.

[Device Name]: After a device type is selected, all names of the devices of the type are displayed in the "Device Name" drop-down list.

[Measuring Unit]: After a device is selected, all measuring units supported by the device are displayed in the "Measuring Unit" drop-down list.

[Start Time]: Start time for the data querying.

[End Time]: End time for the data querying.

[Measuring Objects]: Measuring objects for the data querying.

[Measuring Entity]: Measuring entity for the data querying.

4.3.2 Querying Performance Data by Task

This operation enables you to query the collected original data according to the set conditions. You can select device type, device name, task, measuring entity and condition expression to query the original performance data within the specified period.


1) Select [Performance&Stat/Performance Data Management] or click on the

toolbar to display the "Data Management" window as shown in Figure 4-3. 2) Select "Query by Task" in the "Query Type" area. 3) Select the device type for data query from the "Device Type" drop-down list. 4) Select the device name for data query from the "Device Name" drop-down list. 5) Select the measurement task for data query from the "Task" drop-down list. 6) In the "Time Range" area, click <...> next to the "Start Time" and "End Time" edit

boxes to specify the time range for data to be queried. 7) Click <Measure Entity>. In the dialog box that appears, create a conditional

expression, and then click <OK>. 8) In the “Data Management” window, click <Query> or <Apply>.


[Device Type]: A device type supported by the data management function.

[Device Name]: After a device type is selected, all names of the devices of the type are displayed in the "Device Name" drop-down list.

[Task]: After a device is selected, all tasks are displayed in the "Task" drop-down list.

[Start Time]: Start time for the data querying. It should be earlier than the valid start time of the performance measurement task.

[End Time]: End time for the data querying.



4-11

[Measuring Entity]: Measuring entity for the data querying. It is related to the measuring unit selected when creating the performance measurement task.

Note:

For the operations of creating a conditional expression, refer to 4.7.5 Creating a Conditional Expression.

Click <Save> to save the query results in the form of .html or .csv. Click <Print> to print the query results. Click <Delete> to delete the records. Click <Close> to close the query window.

4.3.3 Setting Data Security Term

In order to ensure security of the saved performance data, you can set a time segment starting from the current date. The time segment ranges from 3 to 6 months. The performance data within this time range cannot be deleted.


1) Select [Performance&Stat/Performance Data Management] from the main menu or click the corresponding shortcut button on the toolbar to display the "Data Management" window as shown in Figure 4-3.

2) Click <Security> on the lower part of the "Data Management" window to display the “Set Security Term” dialog box, as shown in Figure 4-4.

Figure 4-4 Setting security term

3) In the dialog box, select the security term. 4) Click <OK>.


[Security Term]: A time segment backward from the current date (it ranges from three to six months). The data within this time range will be protected and cannot be deleted.



4-12

Before the data deleting, it is determined whether to delete the data earlier than the set security term.

4.4 Data Integrity Management This operation provides the data integrity analysis function. You can analyze the data integrity according to device, measuring unit and collection task to understand the data collection status in time. The system also provides the function of mending the lost data in minimum duration, thus enhancing the integrity and security of performance analysis data. This module involves: querying data integrity, mending data by devices, mending data by measuring units, and mending data by tasks.

4.4.1 Querying Data Integrity

This operation enables you to query the data integrity information.

1) Select [Performance&Stat/Data Integrity Management] to display the "Data Integrity Management" window. There are three tables in the window, which are "Integrity of Devices", "Integrity of Measuring Units" and "Integrity of Tasks", as shown in Figure 4-5.

Figure 4-5 Data integrity window

2) Select a device type, and view the data integrity rate conditions of all devices of this device type in the “Integrity of Devices” list.



4-13

3) Select a device in the “Integrity of Devices” list, and view the data integrity rate conditions of all measuring units of this device in “Integrity of Measuring Units”.

4) Select a measuring unit in the “Integrity of Measuring Units” list, and view the data integrity rate conditions of all tasks of the selected measuring unit in “Integrity of Tasks”.

4.4.2 Mending Data

This operation enables you to mend the lost performance data at the device level, measuring unit level and task level.


1) Select [Performance&Stat/Data Integrity Management] or click on the toolbar

to display the “Data Integrity Management” window. 2) Select a device type in the “Device Type” drop-down list, and then set the start

time and end time, finally click <Query>. 3) To do mending on a device, elect a device in the "Integrity of Devices" table, right

click it and then select [Execute Mending], or click the corresponding button on the toolbar.

4) To do mending on a measuring unit, select a measuring unit in the "Integrity of Measuring Units" table, right click it and then select [Execute Mending], or click the corresponding button on the toolbar.

5) To do mending on a task, select a task in the "Integrity of Tasks" table, right click it and then select [Execute Mending], or click the corresponding button on the toolbar.


[Device Type]: All device types supported by the data integrity management module.

[Start Time]: The time point for starting querying the data integrity.

[End Time]: The time point for finishing querying the data integrity.

Note:

Click to do mending on the selected device.

Click to do mending on the selected measuring unit.

Click to do mending on the selected task.



4-14

4.5 Performance Alarm Threshold Management Performance alarm threshold management enables you to set threshold values for the measuring entities.

For each combination of device type, device, measuring unit, measuring object and measuring entity, upper threshold value and lower threshold values can be set. In the process of collecting performance data, the system will automatically check the threshold for performance data set with alarm thresholds. If the performance data exceeds the threshold, performance alarms will be generated and sent to the alarm module and finally reported to you. There are recovery alarms corresponding to the performance alarms.

Performance alarm threshold management involves querying, adding, deleting and modifying performance alarm threshold.

4.5.1 Querying Performance Alarm Threshold

This operation enables you to query performance alarm threshold records.


1) Select [Performance&Stat/Threshold Management] or click on the tool bar to

display the "Threshold Management" window as shown in Figure 4-6.

Figure 4-6 Performance alarm threshold management window



4-15

2) In the "Device Type" drop-down list, select the type of the device for which the performance alarm threshold is to be queried.

3) In the "Device Name" drop-down list, select the name of the device for which the performance alarm threshold is to be queried.

4) In the "Measuring Unit" drop-down list, select the measuring unit for which the performance alarm threshold is to be queried.

5) In the "Measuring Object" drop-down list, select the measuring object for which the performance alarm threshold is to be queried.

6) In the "Measuring Entity" drop-down list, select the measuring entity for which the performance alarm threshold is to be queried.

7) In the alarm threshold list, observe the performance alarm threshold information.


[Device Type]: All device types supported.

[Device Name]: After one device type is selected, all devices of the type will be available in the "Device Name" drop-down list.

[Measuring Unit]: After one device is selected, all measuring unit supported by the device will be available in the "Measuring Unit" drop-down list.

[Measuring Object]: It is the measuring object for which performance alarm threshold is to be queried.

[Measuring Entity]: It is the measuring entity for which performance alarm threshold is to be queried.

4.5.2 Adding a Performance Alarm Threshold

This operation enables you to add performance alarm threshold for the measuring entities. Depending on the alarm threshold and alarm levels added, corresponding alarms will be generated.


1) Select [Performance&Stat/Threshold Management] from the main menu or click

on the toolbar to display the "Threshold Management" window as shown in

Figure 4-6. 2) In the "Device Type" drop-down list, select the type of the device for which the

performance alarm threshold is to be added. 3) In the "Device Name" drop-down list, select the name of the device for which the

performance alarm threshold is to be added. 4) In the "Measuring Unit" drop-down list, select the measuring unit for which the

performance alarm threshold is to be added. 5) In the "Measuring Object" drop-down list, select the measuring objects for which

the performance alarm threshold is to be added.



4-16

6) In the "Measuring Entity" drop-down list, select the measuring entities for which performance alarm threshold is to be added.

7) In the "Threshold" pane, enter values for "High Threshold" and "Low Threshold", and then select "Alarm Level".

8) In the "Date Time" pane, click <...> next to the "Start Time" and "End Time" to set start time and end time for the performance alarm threshold.

9) Click <Add> and then observe the newly added performance alarm threshold record in the performance alarm threshold list.


[High Threshold]: Upper threshold of the performance alarm threshold. In case it is crossed, alarms will be generated.

[Low Threshold]: Lower threshold of the performance alarm threshold. In case it is crossed, alarms will be generated.

[Alarm Level]: It is of enumerated type. The following options are provided: critical, major, minor and warning.

[Start Time]: Start time for threshold value checking. It should not be earlier than the current time.

[End Time]: End time for threshold value checking. It should not be earlier than the start time.

4.5.3 Modifying a Performance Alarm Threshold

This operation enables you to modify performance alarm threshold of the measuring entity. Among the parameters, start time, end time, upper limit, lower limit and alarm level can be modified. After the modification, the alarms will be reported according to the newly-set upper/lower limit and alarm level.

1) Query performance alarm threshold following the steps given in 4.5.1 to list all performance alarm threshold records meeting the conditions in the result output area.

2) Select one record to be modified in the threshold list. 3) On the "Threshold" pane, enter new values for "High Threshold" and "Lower

Threshold", and then select new "Alarm Level". 4) On the "Time Range" pane, click <...> next to the "Start Time" and "End Time" edit

boxes and then modify the start time and end time for performance alarm threshold.

5) Click <Apply>.



4-17

4.5.4 Deleting a Performance Alarm Threshold

This operation enables you to delete performance alarm threshold from the measuring entities. After the deletion, no performance alarms will be generated for the measuring objects.

1) Query performance alarm threshold following the steps given in 4.5.1 to list all performance alarm threshold records meeting the conditions in the result output area.

2) Select one or more records to be deleted in the threshold list. 3) Right click it and then select [Delete]. 4) In the confirmation dialog box, click <OK>.

4.6 Performance Measurement

4.6.1 Time Distribution Analysis

Time distribution analysis is:

analyze one or multiple measuring entities of one measuring object according to different steps within the specified period of time

or to compare the same measuring entity of multiple measuring objects and output the analysis result in the form of table or graphics.


1) Select [Performance&Stat/Time Distribution Analysis] or click on the toolbar

to display the "Time Distribution Analysis" window. On the upper part of the window is the analysis conditions input area while the lower part is the result output area.

2) Select the desired device type from the "Device Type" drop-down list. 3) Select the desired device name from the "Device Name" drop-down list. 4) Select the desired measuring unit from the "Measuring Unit" drop-down list. 5) Select the desired analysis type from the "Analysis Type" drop-down list. 6) In the "Time Range" pane, click "Period" drop-down list and then select the

analyzing cycle. Click <...> next to the "Start Time" edit box and then set the analyzing operation start time in the pop-up calendar.

7) Click <Measuring Object> to display the measuring object selection dialog box. In this dialog box, select measuring objects.

8) Click <Measuring Entity>. In the dialog box that appears, select the measuring entity and then configure the calculation formula for the measuring entity. In the measuring entity selection dialog box, select measuring entities.

9) In the “Show Type” list, select the query result output format: Table Multiple Bar or Line.

10) Click <Query> or <Apply>.



4-18

4.6.2 Global Traffic Flow Analysis

This operation enables you to analyze the specified measuring units including:

originating traffic inner traffic originating outgoing office traffic incoming office traffic incoming office terminating traffic transfer traffic terminating traffic outgoing office traffic

The analysis entities include call attempt times, call connect times, answer times, seizure traffic and answer traffic.


1) Select [Performance&Stat/Global Traffic Flow Analysis] or click on the

toolbar to display the “Global Traffic Flow Analysis" window as shown in Figure 4-7.

Figure 4-7 Global traffic flow analysis

2) In the "Device Type" drop-down list, select the type of the device to be analyzed. 3) In the "Device Name" drop-down list, select the name of the device to be analyzed.



4-19

4) In the "Date Time" pane, click <...> next to the "Start Time" and "End Time" edit boxes and then set the start time and end time for the analysis.

5) Click <Query> or <Apply>.


[Device Type]: All device types supported.

[Device Name]: After one device type is selected, all devices of the type will be available in the "Device Name" drop-down list.

[Start Date]: Start date for the analysis.

[End Date]: End date for the analysis.

Note:

This function is only supported by the C&C08 switch and SoftX3000.

4.6.3 Call Failure Analysis

This operation enables you to analyze different failure calls resulted from different causes within the specified time segment. To perform a call failure analysis operation, the user needs to select a device, measuring unit, measuring objects of the trunk groups as well as start time and end time for the analysis.

The measuring units supporting call failure analysis include Incoming Trunk Group and Outgoing Trunk Group.

1) Select [Performance&Stat/Call Failure Analysis] or click on the toolbar to

display the "Call Failure Analysis" window as shown in Figure 4-8.



4-20

Figure 4-8 Call failure analysis window

2) In the "Device Type" drop-down list, select the type of the device to be analyzed. 3) In the "Device Name" drop-down list, select the name of the device to be analyzed. 4) In the "Measuring Unit" drop-down list, select the measuring unit to be analyzed. 5) In the "Time Range" pane, click <...> next to the "Start Time" and "End Time" edit

boxes and then set start time and end time for the analysis. 6) Click <Query> or <Apply>.

Note:

This function is only supported by the C&C08 switch and SoftX3000.

4.7 Other Functions

4.7.1 Changing Graph Settings

When the measurement results are displayed in the form of histogram or graph, their attributes can be reset, for which the line color and type, background color and grid can be selected freely. When statistics report is displayed in the form of graph, through the above settings, an object can be differentiated from others. The graph can be moved horizontally or vertically, through which parts that cannot be fully displayed will be



4-21

viewed. Furthermore, the graph can be flexed by zooming in or out X and Y axis, and the two axes can be displayed in the grid mode.


1) In the “Show Object" check box, select the desired object for graph setting. 2) In the “Line Color” check box, select the desired color. 3) In the “Line Type” check box, select the desired line type. 4) In the “Background Color” check box, select the desired background color. 5) In the “Show X-axis Grid Line” selection box, select the grid line of X axis. 6) In the “Show Y-axis Grid Line” selection box, select the grid line of Y axis. 7) Select “X Properties” to zoom in or out X axis. 8) Select “Y Properties” to zoom in or out Y axis. 9) Click <Right> or <Left> in the “X Properties” area to right or left move the graph. 10) Click <Right> or <Left> in the “Y Properties” area to right or left move the graph.


[Show Object]: The selected object.

[Line Color]: The line color of the selected object.

[Line Type]: The line type of the selected object.

[Background Color]: The background color of the graphics.

[Show X-axis Grid Line]: Show grid line on the X-axis.

[Show Y-axis Grid Line]: Show grid line on the Y-axis.

[X Properties]: Vary the graph with the zooming in/out of X axis, or right/left move the graph.

[Y Properties]: Vary the graph with the zooming in/out of Y axis, or right/left move the graph.

Note:

The graph property tool is available only when the “Multiple Bar” or “Line” mode is selected.

4.7.2 Saving Measurement Data

This operation enables you to save measurement data in the form of .html, .txt, or .csv.


1) Perform a performance measurement task to measure the performance data. 2) Click <Save> to display the “Save” dialog box.



4-22

3) If the records are displayed in full pages, you will be prompted to select all data or current data. After selecting one mode, click <OK> and proceed to step 4). Otherwise, proceed to step 4) directly.

4) Select the saving directory, enter the file name and select the save type. 5) Click <Save>.


[Save Path]: Save path of the measurement report.

[File Name]: Name of the file saving the measurement report.

[File Type]: Select to save the measurement report in one of the following type: .htm, .txt or .csv.

4.7.3 Printing Measurement Data

This operation enables you to print the measurement data generated from measurement operations for reference.

1) Perform a performance measurement task to measure the performance data. 2) Click <Print> to display the “Print Preview” dialog box. 3) Click <First>, <Previous>, <Next> and <Last> to browse the information to be

printed. 4) Click <Print> to display the “Print” dialog box. 5) If the records are displayed in full pages, you will be prompted to select all data or

current data. After selecting one mode, click <OK> and proceed to step 6). Otherwise, proceed to step 6) directly.

6) Specify a printer and then click <OK> to print the measurement result with the specified printer.

Note:

The measurement report in any of the three forms (table, multiple bar or line) can be printed.

4.7.4 Deleting Measurement Data

This operation enables you to delete the queried performance measurement data.

1) Perform a performance measurement task to measure the performance data. 2) Select multiple data records and then click <Delete>. 3) In the dialog box that appears, select the start time of the data to be deleted. 4) Click <OK> to delete the selected data.



4-23

Note:

You can only delete the data beyond the data security term. You can only delete the data in the “Data Management” window.

4.7.5 Creating a Conditional Expression

This operation enables you to create a conditional expression to query the performance measurement data of a measuring entity of the selected measuring unit conditionally.

1) Select [Performance&Stat /Data Management] to display the “Data Management” window.

2) Click <Measuring Entity> to pop up the “Create Conditional Expression” dialog box.

3) Select a measuring entity and click the Operator drop-down list. The following operators are available: “=", “>”, “>=”, “<”, “<=” and “!=”. Select one operator and enter the value of the conditional expression in the value pane to generate a conditional expression.

4) Click <OK> to create the conditional expression, or click <Cancel> to abort the operation.

Note:

The query condition should comply with the operation results. For example, select Entity 1 and Entity 2, and operate them with AND, then the query results can only be the measuring objects with both desired measuring entities. Operate them with OR, then the query results can be the measuring objects with either desired measuring entity.


Chapter 5Security Management

5-1

Chapter 5 Security Management

Security management performs security control of the NMS. To ensure system security, NMS user right must be controlled. After starting the NMS, the user can only log in to the NMS with the created user account, and after logging in, the user can only perform the authorized operations. The system will record any sensitive operations performed by the user to the management applications. And the administrator can monitor and browse the user operation logs to get operation information of all users. The security management main window is as shown in Figure 5-1.

Figure 5-1 Security management main window

5.1 Basic Conception

I. User group

User group is a group of NMS users with the same authorities. User group is a collection of users as well as authorities. The default user groups are administrator group, maintainer group, operator group and monitor group.



5-2

II. Device set

Device set is a group of managed devices which are of the same device type. In a device set, the information of authorities is not involved. One device set may contain multiple devices and one device may belong to multiple device sets.

III. Operation set

Operation set is a group of operations which may be performed on the NMS. One operation set may contain multiple operations and one operation may belong to multiple operation sets.

5.2 Functions

5.2.1 Creating a User

Perform the following operations to create a new NMS user.

1) Select [System/Security Manager] to enter the security management main window.

2) In the "Security Object" tree, select the "User" node, right click it and then select [New User] to display the "New User" dialog box.

3) In the dialog box, set the following parameters: Name: compulsory, a character string which consists of less than 20 characters.

The parameter must be filled in and the name should not overlap with the existing operation set name.

User Full Name: optional, a character string which consists of less than 48 characters.

Detailed Description: optional, a character string which consists of less than 48 characters. The maintenance personnel may input useful information here.

Password: compulsory, a character string which consists of 4-10 characters. Confirm password: to confirm the previously inputted user password. Account suspended: options are "Yes" or "No", and it is "No" by default. Account always valid: options are "Yes" or "No", and it is "No" by default. Account expiry data: In the case you select "No" in the "Account always valid" list

box, you need input the expiry date here. The date can be selected by click <...> besides the list box.

Password always valid: options are "Yes" or "No", and it is "No" by default. Password expiry date: In the case you select "No" in the "Password always valid"

list box, you need input the expiry date here. The date can be selected by click <...> besides the list box.

Login time quantum: to restrict user login time. It defaults to be any time within one day.



5-3

4) Click <OK> to add the user.

5.2.2 Modifying User Attributes

Perform the following operations to modify such information as user detailed information, management right, operation right and Access Control List (ACL).


2) On the "Security Object" tree, double click the "User" node to show all users. 3) Click the user, the name of which you want to modify, then the basic information

of the user is shown on the right part of the window. 4) On the "General" tab, modify general attributes of the user. Note that the name of

the user cannot be modified. Then click <Apply> to validate the modification. 5) On the "Subjection" tab, modify the user group to which the user belongs. 6) On the "ACL Setting" tab, set the user to log in to the NMS from a specified client.

Then click <Apply> to validate the modification. 7) On the "Management Right" tab, modify the management right of the user. 8) On the "Operation Right" tab, modify the operation right of the user and then click

<Apply> to validate the operation.

5.2.3 Assigning a User to User Groups

Perform the following operations to assign a user to a user group so that the user has all the management and operation authorities of the user owned by the user group.


2) On the "Security Object" tree, double click the "User" node to show all users. 3) Click the user to be assigned, then detailed information of the user is shown on

the right part of the window. 4) Select the "Subjection" tab and then click <Add> to display the "Add User Group"

dialog box. 5) In the table displayed on the upper part of the dialog box, all the user groups

available are listed. In the list, select the group you need the user to be in and then click <Add> to add the user group to the table on the lower part of the window. Or click <Delete> to delete the record from the table on the lower part of the window.

6) Click <OK> to assign the user to the selected user group.

5.2.4 Assigning Operation Right to a User

Perform the following operations to authorize a user to perform or prohibit a user from performing specified operations.



5-4

1) Select [System/Security Manager...] to enter the security management main window.

2) On the "Security Object" tree, double click the "User" node to show all users. 3) Click the user to which the operation right is to be assigned, then detailed

information of the user is shown in the right part of the window. 4) On the "Operation Right" tab, current operation right of the user is shown. Click

<Add> to display a dialog box to add operation right. In the dialog box, select the types and sub-types, then the corresponding security objects are shown in the "Operation Objects" list and operation names and levels are shown in the table on the up right corner.

5) Select the objects and operations to assign operation right, then click <Add> to add the selected operation right to the list on the lower part of the window or click <Delete> to delete the selected operation right on the lower part of the window.

6) Click <OK>, the operation right in the list on the lower part of the window will be added to the operation right group of the corresponding user. The system will automatically identify and filter the right that already exists in the operation right group of the user.

7) On the "Operation Right" tab, select the operation right to be deleted and click <Delete> to delete it.

Note:

Security Object and Type: The basic unit for right assigning is security object. Any entities to be assigned with operation right, such as menus and managed devices, can be regarded as the security object. To make the operation more convenient, we classify the security objects into two levels: object type and object subtype.

Operation and Operation Set: Each piece of right is a triplet composed of users, security objects and operations and it is meaningless to have security objects but no operations. Operations are always the same on the object of the same subtype, thus you may create operation sets containing some operations of the same subtype. Then you will find your operation to assign operation right is simplified with the operation sets.

"Add Device" right: In the "Add Operation Right" dialog box, there exists a special object "Add Device" in the "Operation Object" list. In the case that the user has the right to conduct some or all of the operations contained in the "Add Device" object, after the user creates one device of the type, he can conduct the operations on the device.

Conventions: The user cannot assign right to the super user (admin) or to himself.



5-5

5.2.5 Assigning Management Right to a User

Perform the following operations to authorize a user assign management right to a user.


2) On the "Security Object" tree, double click the "User" node to show all users. 3) Click the name of the user to which the operation right is to be assigned, then

detailed information of the user will be listed on the right part of the window. 4) On the "Management Right" tab, view current management right of the user. 5) Management right is displayed with a resource tree. The first layer of the tree lists

the device types that can be managed by the user. The second layer lists the devices that can be managed by the user. If a node on the first layer is selected, it means that the resource and all its sub-resources can be managed. If the nodes on the second layer are partially selected, it means that resource can be managed while some of its sub-resources cannot. If no node is selected, it means that neither the resource nor the sub-resources can be managed.

6) Click <Set> to display the management right setting dialog box. On the upper part of the dialog box, set the desired query conditions, and then click <Query>. Then the matching devices are displayed in the list on the lower part. The "Management Status" column shows the management status of the device. Change the status, and then click <OK> or <Apply>.

7) Alternatively, you can set the management rights of some resources in this way: Change the management right status on the resource tree and then click <Apply>.

Note:

Management Right: whether or not the user has the right to manage the specified device and board. In the topological view, the devices which the user has no right to manage will not be shown to the user, and on the device panel, the boards which the user has no right to manage will not be shown to the user either.

Conventions: When a user is created, he is not authorized to manage any resource by default. The user can't assign management right to the super user or himself. If a user is not authorized a device, it is impossible to assign the operation right of the device to him.

5.2.6 Creating a User Group

Perform the following operations to create a user group.



5-6


2) On the "Security Object" tree, select the "User Group" node, right click it and then select [New User Group] to display the "New User Group" dialog box.

3) In the "New User Group" dialog box, set the following parameters: [Name]: optional, a character string shorter than 20 characters. It should not be

the same with any existing user group name. [Detailed description]: optional, a character string shorter than 50 characters,

giving detailed information of the user group. 4) Click <OK> to add the user group.

5.2.7 Modifying User Group Attributes

Perform the following operations to modify description information and members of the specified user group.


2) On the "Security Object" tree, double click the "User Group" node to show all user groups.

3) Click the user group to be modified, then the basic information of user group is shown on the right part of the window.

4) On the "General" tab, modify "Detailed Description" of the user group. Note that the name of the user group cannot be modified. Then click <Apply> to validate the modification.

5) On the "Member" tab, modify the users contained in the user group. 6) On the "Management Right" tab, modify the management right of the user group. 7) On the "Operation Right" tab, modify the operation right of the user group, and

then click <Apply> to validate the modification.

5.2.8 Assigning Operation Right to a User Group

Perform the following operations to authorize a user group to perform or prohibit a user group from performing the specified operation.



3) Click the user group to which operation right is to be assigned, then detailed information of the user group will be listed in the right part of the window.

4) On the "Operation Right" tab, view the current operation right of the user group. Click <Add> to enter the "Add Operation Right" dialog box. In the dialog box, select different types and sub-types, then the "Operation Object" list will display



5-7

all related security objects, and the table on the up right corner will list all the related operation names and levels.

5) Select the objects and operations to which operation right is to be assigned, click <Add> to add the operation right in the list on the upper part of the interface to the list on the lower part. Or click <Delete> to delete the selected operation rights in the list on the lower part of the interface.

6) Click <OK>, the operation right in the list on the lower part of the interface will be added to the operation set of the user group. The system will automatically identify and filter the right that already exists in the operation set of the user group.

7) On the "Operation Right" tab, select the operation right to be deleted and then click <Delete> to delete it.

5.2.9 Assigning Operation Right to a User Group

Perform the following operations to authorize a user group to manage or prohibit a user group from managing the specified devices and boards.



3) Click the user group name to which the operation rights are to be assigned, then detailed information of the user group will be listed on the left part of the window.

4) On the "Management Right" tab, view the current management right of the user group.

5) Management right is displayed with a resource tree. The first layer of the tree lists the device types that can be managed by the user group. The second layer lists the devices that can be managed by the user group. If an item is fully selected, it means that the resource and all its sub-resources can be managed. If it is half-selected, it means that resource can be managed while some of its sub-resources cannot. If it is not selected, it means that neither the resource nor the sub-resources can be managed.

6) Click <Set> to display the <Query>. Then the matching devices are displayed in the list on the lower part. The "Management Status" column shows the management status of the device. Change the status, and then click <OK> or <Apply>.

7) Alternatively, you can set the management rights of some resources in this way: Change the management right status on the resource tree and then click <Apply>.



5-8

5.2.10 Creating an Operation Set

Perform the operations to create an operation set according to the security object type, thus making it convenient to assign user operation right.


2) On the "Security Object" tree, select the "Operation Set" node, right click it and then select [New Operation Set] to display the "New Operation Set" dialog box.

3) In the dialog box, set the following parameters: [Name]: compulsory, a character string which consists of less than 20 characters.

The name should not overlap with the existing operation set name. [Detailed Description]: optional, a character string which consists of less than 50

characters. It is a description of the operation set. [Type]: all security types of the NMS are listed. [Subtype]: all subtypes corresponding to the security type.

4) Then click <OK> to create the operation set.

5.2.11 Modifying Operation Set Attributes

Perform the following operations to modify description information and members of a specified operation set.


2) On the "Security Object" tree, double click the "Operation Set" node to show all operation sets.

3) Select the operation set to be modified, then the operation set information will be displayed on the right part of the window.

4) On the "General" tab, modify detailed description of the operation set. Note that the name of the operation set cannot be modified. Then click <Apply> to validate the modification.

5) On the "Member" tab, modify the operations contained in the operation set.

5.2.12 Setting Operations in an Operation Set

Perform the following operations to add or delete specified operations. In this way, the user can assign operation right conveniently.


2) On the "Security Object" tree, double click the "Operation Set" node to show all operation sets.

3) Select the operation set to be modified, then the operation set information will be displayed on the right part of the window.



5-9

4) On the "Member" tab, click <Add> to display a dialog box for you to add a device. 5) All the operations can be added are listed in the table on the upper part of the

window. Select the desired operations and then click <Add> to add the operations to the table on the lower part of the window.

6) Click <Delete> to delete the selected operations in the table on the lower part of the window. Or click <OK> to add the operations in the table on the lower part of the window to the operation set.

5.2.13 Setting User ACL Right

Perform the operations to specify from which clients can the users log in to the NMS.


2) On the "Security Object" tree, double click the "User" node to show all users. 3) Click the user to set ACL right, then the basic information of the user is listed on

the right part of the window. 4) On the "ACL Setting" tab, view current ACL of the user. If a check box in the first

column is checked, it indicates that the user is authorized to log in to the NMS from the client.

5) "Constrained by ACL" check box is used to set whether or not the user is constrained by ACL. If the check box is cleared, it means that the user is allowed to log in to the NMS from any client in the ACL, otherwise, the user can only log in to the NMS from the selected clients in the ACL.

6) Click <Add ACL> to add a new ACL item. 7) Check or clear the check boxes in the first column to set from which clients the

users can log in to the NMS. 8) After completing the settings, click <Apply> to validate the setting.

5.2.14 Setting System ACL

Perform the following operations to set system ACL data, including adding, modifying and deleting ACL items.

1) Select [System/System Setting] to display the "System Setting" dialog box. 2) Select the "ACL Setting" tab, then all ACL items in the current NMS will be listed.

Click <Add> to add a new ACL item. Click <Modify> to modify the selected ACL item. Click <Delete> to delete the selected ACL item.

3) After completing the settings, click <Apply> or <OK> to validate the settings.

5.2.15 Realtime Monitoring User Operation Logs

Perform the following operations to view operations conducted by the logon users.



5-10

1) Select [System/Monitor User Operations] to display the “Operation Realtime Monitor” window, as shown in Figure 5-2.

Figure 5-2 Operation realtime monitor

2) In the ”Operation Realtime Monitor” dialog box, set the following monitoring conditions:

[User]: You can select "All" or a specific user. [Client]: You can select "All" or a specific IP address of a client. [Operation Name]: You can select "All" or input a specific operation name. [Operation Level]: You can select "All", "System Administration", "System

Maintenance", "System Operation", or "System Survey". [Object]: You can select "All" or input a specific object name. [Result]: You can select "All", "Succeed", "Partially Succeed" or "Fail". Herein,

"Partially Succeed" means that a part of operations succeed while performing batch operation. For example, after batch dumping logs, the final dumping record number is 1500, while the initial number is 2000. In this case, the operation result is "Partially Succeed".

3) After you completing the settings, the system will automatically display the operations meeting the conditions.

5.2.16 Browsing/Dumping User Operation Logs

Perform the following operations to browse and dump user operation logs.



5-11

1) Select [System/Browse User Log] to display the "Log Browse" dialog box, as shown in Figure 5-3.

Figure 5-3 Log browsing

2) In the "Log Browse" dialog box, set the following browsing conditions: [User]: "All Users" or a specific user. [Client]: "All Client" or a specific IP address of a client. [Range]: combined by "Start Time/The First Record" and "End Time/The Last

Record", totally 4 options. ["Start Time" or "End Time"]: selected from the time selection box besides it.

When "The First Record" or "The Last Record" is selected, the time selection box beside it will gray out.

[Key String]: a fuzzy index for searching for the log "Detailed Information" containing the character string.

[Object]: Click <Select> and then select an object. 3) After completing the settings, click <Query>, all operation logs meeting the set

conditions will be displayed in the table on the lower part of the window. Double click the table headers to sort the information.

4) In the table, select a log and then double click it, the detailed information dialog box will appear showing detailed information of the operation logs.

5) Click <Print> to print the query result or click <Save> to save the query result as a file.

6) Click <Dump> to dump the operation logs manually.



5-12

Caution:

Only the users who are authorized to browse user operation logs as well as the super user can browse user operation logs.

5.3 User Right Management

It is of vital importance to reasonably plan NMS user right and strictly control user account allocation, because any security neglect may make the NMS fragile when facing attacks thus may menace security of the managed devices.

Generally, user right management process falls into six phases: preparations creating users adding users to user groups adjusting user operation right adjusting user management right configuring ACL user login.

5.3.1 Preparations

First, according to the need of daily maintenance operations, classify the NMS users into the following groups:

Administrator: It may be the administrator of the Network Management Center (NMC) or the network planning personnel, who has the highest operation right.

Maintainer: It can be the service provisioning personnel, maintenance personnel or trouble-shooting personnel.

Operator: It is the operator in the NMC. Monitor: It can only monitor network running and has the lowest operation right.

Then confirm the members containing in each group and collect user name, logon password, logon client IP address, the managed device and operations which has a special requirement for operation right.

5.3.2 Creating Users

After the system is initially installed, only one default user "admin" is provided and the ACL is empty. The user can only log in to the NMS from the server. "Admin" is a super user who has all operation and management rights. Like other users, "admin" can be controlled to log in from a specified client.

Log in to the NMS as "admin" and create all the NMS users depending on the user names and passwords collected.



5-13

5.3.3 Adding Users to User Groups

According to the common maintenance requirements, the NMS provides user groups of four levels, including administrator group, maintainer group, operator group and monitor group. Among them, administrator group has the highest operation authority while the monitor group has the lowest. For operation authorities they have, you may query in the NMS. If the default user group cannot meet the maintenance requirements, you may create new user groups.

According to the authority level the users should have, add the NMS users to the corresponding user groups.

5.3.4 Adjusting User Operation Right

After being added to a user group, by default, the user has all operation right defined for this user group. When the operation right of the user group does not fit the user, the operation right can be adjusted by adding or deleting operation right of the user so that the operation right can meet the actual requirement.

5.3.5 Adjusting User Management Right

After being added to a user group, by default, the user has all management right defined for this user group. When the management right of the user group does not fit the user, the management right can be adjusted by adding or deleting management right of the user so that the operation right can meet the actual requirement.

5.3.6 Configuring ACL

To ensure system security, the NMS authenticate the logon user by verifying the user access IP. The NMS has a list of all system addresses (system ACL). If the user do not log in to the NMS through the server, he must log in from the IP address defined in the system ACL, otherwise, authentication may fail. Besides, each user corresponds to his own ACL (user ACL). In the case the user ACL is not empty, the IP address from which the user log in must be defined in the user ACL, otherwise, the user cannot log in to the NMS successfully.

According to the logon client IP address, configure system ACL and user ACL to control the user to log in to the NMS from the specified client.

5.3.7 User Log In

After the above setting, all the users can be provided with the server IP address and be notified to log in to the NMS. Remember to remind the users to keep the logon



5-14

password safety and change it periodically to avoid the password being embezzled by others illegally.

To log in to the NMS, do the following:

From the "Start" menu, select [Program/iManager N2000/N2000 Client] or double

click the desktop shortcut icon to display the user logon dialog box, as shown in Figure 5-4. In the dialog box, input user name and password to enter the client topological window.

Figure 5-4 User login

Besides, you may click <...> next to the "Server" drop-down list to display the server setting dialog box as shown in Figure 5-5. In the dialog box, you may set logon servers by adding, modifying or deleting operations so that the user may switch to other servers. Here the IP address is shown in dotted decimal notation, and the default port No. is 9800 which need not be set by the user.



5-15

Figure 5-5 Setting login servers

5.4 License Management

5.4.1 Querying License

Perform the following operations to view the license information and usage.

1) Select [Help/About] from the main menu. 2) In the “About” dialog box that appears, click the “License” tab.

The license details and usage are displayed, including the number of licenses you have purchased and that of the licenses being used.

Parameter specification:

[Licensed Packages]: The software package you are authorized to install and use.

[Capacity]: The number of the devices you are authorized to manage. The management of an additional device requires one more license. If all your licenses are used up, you cannot manage any additional device.

[Client]: The number of the clients you are authorized to connect with. If all your licenses are used up, no additional client can be connected.

[Expiry]: The invalidity period of the license.

[Server ID]: Unique ID of the NMS server.

5.4.2 Upgrading License

If you need more licenses or your licenses expire, please contact our local office or local agent or call 800-830-2118 to upgrade your licenses.


Chapter 6 Environment Monitoring Management

6-1


The environment monitoring module of the iManager N2000 can implement centralized monitoring of corresponding device environment, including:

centralized management and maintenance of the environment parameters and power parameters of the devices;

monitoring the third party power system, thus reducing costs of the operators.

Environment monitoring management module of the iManager N2000 mainly provides the following functions:

Centralized monitoring to the local equipment room, remote module power supply and running environment.

Centralized monitoring to such environment parameters as power supply, temperature, humidity and access control of access network devices of narrowband switches.

Data transmission through its inherent monitoring units and monitoring message transmission channels, thus greatly reducing the monitoring cost.

The monitored information is transmitted to the monitoring console through the transmission channel, so that the monitoring console can monitor the AC power supply and power off time, DC voltage, battery group and environment parameters of the remote equipment.

6.1 Monitoring Power Parameters

This operation enables you to monitor the power parameters of the selected environment monitoring units, including:

AC input voltage and current; rectifier output voltage and current; working status of the rectifier; load fuse alarm; rectifier module fault; over voltage/over current/under voltage/over temperature alarm; battery fuse alarm; working status of the battery.

I. Operation proceudre

1) Select [Environment Monitoring/Browse Environment Monitoring Unit] on the main interface to display the “Environment Monitoring” window.



6-2

2) Select the query mode. Options are “All Monitoring Unit” or a specified IP address of a device.

3) In the Environment Monitoring Unit list, select a monitoring unit with power parameters.

4) The power tab appears in the display area at the lower part. Click the power tab to pop up a browsing interface of the power information.

5) Eight sub-tabs are contained on the power tab. Click different tabs to browse corresponding power information.

Click… to…

“General” tab

browse all information of the power, including the power index, power type, power name, Power Index, Power Type, Power Name, Mains Status, Communication Status, AC Input Status, Current AC Loop, DC Output Voltage Status, DC Output Current Status, Output Load Status, Rectifier Module Status, Battery group loop Status, Power Supply Control Mode.

“AC Input Loop” tab browse the AC input loop information of this power supply, including: Loop No., Input Status (V), Overvoltage Threshold (V), Undervoltage Threshold (V), Input Voltage A(V), Input Current A(A), Input Voltage B(V), Input Current B(A), Input Voltage C(V), Input Current C(A).

“DC Output” tab browse the DC output information of this power supply, including: DC Voltage Output (V), DC Current Output (A), Overvoltage Threshold (V), Undervoltage Threshold (V), DC Output Voltage Status, DC Output Current Status, Total Current, Load Power off Temperature(OC), DC Distributor Running Status.

“Output Load” tab browse the output load information of this power supply, including: Load No, Load Name, Power Status, Load Fuse Status, Present Voltage (V), Present Current (A) and Lower Voltage (V).

“Rectifier Module” tab

browse the rectifier module information of this power supply, including: Module No, Current Status, Running Status, Output Voltage (V), Output Current (A) and Current Limiting Mode.

“Battery Group” tab

browse the battery group information of this power supply, including: Battery Energy Supply Status, Battery Group Total Capacitance, Battery Group Remaining Capacitance, Number of Battery Groups, Undervoltage Threshold, Overvoltage Threshold, Second Lower Voltage, Battery Protection Voltage, Charging Current Limiting Point Factor and Battery Power off Temperature.

“Battery Group Loop” tab

browse the battery group loop information of this power supply, including: Loop No, Switch Status, Working Status, Battery Fuse Status, Battery Contact Status, Loop Voltage (V), Loop Temperature, Charging Capacitance (A.h) and Overcurrent Threshold (A).

“Charging Management” tab

browse the recharging management information of this power supply, including: Charging Management Mode, Charging Status, Even Charging Voltage Charging Capacity (V), Float Charging Voltage Charging Capacity (V), Timing Even Charging Time (h) and Temperature Compensation Factor.



6-3

Note:

The queried power information may vary with the selected monitoring unit and configured power. The power tab is automatically created according to the monitoring unit, the number of which is

consistent with the configured powers. No power tab is displayed if the selected environment monitoring unit is not configured with the power.

6.2 Monitoring Environment Parameters

This operation enables you to monitor the environment parameters of one or all devices managed by the NMS.


1) Select [Environment Monitoring/Browse Environment Monitoring Unit] on the main interface to pop up the “Environment Monitoring” window, as shown in Figure 6-1.

Figure 6-1 Environment monitoring window



6-4

2) The area at right of the window is divided into three parts: The upper is the “Query Mode” selection box, the middle is the monitoring unit list, and the lower is the display area of environment parameters and power parameters.

3) Select “All Monitoring Units” in “Query Mode” to browse general information of all the monitoring units of this device under the NMS in the monitoring unit list.

4) Select the IP address of a device in “Query Mode” to browse general information of the environment monitoring units of this device in the monitoring unit list.

5) Select an environment monitoring unit in the monitoring unit list. 6) The “Environment Parameters” tab of this monitoring unit is displayed in the

display area. Click it to browse the environment parameter information of the selected monitoring unit.

II. Operation result

1) In steps 1 ~ 4, the environment monitoring unit information of all devices or selected device can be browsed, including: Monitoring Board Status, Environment Parameter Status, Supply Status, Device Name, NE/Frame/Module Index, Monitoring Object Name and Monitoring Board Type.

2) In steps 5 ~ 6, details of the environment parameters of the selected environment monitoring unit can be browsed, including the name, current value, status, unit and latest alarm time of such environment parameters as temperature, humidity, ZN, distribution frame, access control, fire alarm, theft alarm, smoke, water, smell and sensor.

Note:

You can click <Refresh> to browse the latest information of the monitoring unit and environment parameter.

After the “Environment Monitoring” tab appears, the system will open the “All Monitoring Units” list by default. Only the “Environment Parameters” tab is displayed at the lower part of the initial window.

6.3 Monitoring Configuration Information

This operation enables you to browse the configuration information of an environment monitoring unit.

1) Select [Environment Monitoring/Browse Environment Monitoring Unit] on the main interface to pop up the “Environment Monitoring” window.

2) Select “All Monitoring Units” or the IP address of a device in "Query Mode”. 3) Select a monitoring unit in the monitoring unit list, right click and select [Query

Environment Monitoring Unit Configuration Info] to pop up the environment monitoring unit configuration information dialog box.



6-5

4) There are three tabs in the dialog box: “Digital Sensor Channel”, “Analog Sensor Channel” and “Fan”.

Click… to…

“Digital Sensor Channel” tab

browse the channel No., name, valid level information of the selected monitoring unit.

“Analog Sensor Channel” tab

To browse the channel No., type, name, unit, working upper threshold, working lower threshold, alarm upper threshold and alarm lower threshold of the selected monitoring unit.

“Fan" browse the fan name, control mode, start temperature, adjust mode, close temperature, adjust parameters and switch status of the selected monitoring unit.

5) Click <OK> or <Cancel> to close the dialog box.

6.4 Related Operations

6.4.1 Configuring Synchronizing Period

This operation enables you to set the automatic synchronizing period mode of the environment monitoring system in the network so as to synchronize the system with the host data in a fixed time interval.


1) Select [Environment Monitoring /Environment Synchronization Cycle] on the main interface to pop up the “Configure Synchronization Cycle” dialog box, as shown in Figure 6-2.

Figure 6-2 Synchronizing cycle configuration dialog box



6-6

2) Select “Interval” in “Cycle Mode”, and then enter the “Time Interval” parameter. 3) Or select “Every Day” in “Cycle Mode”, and then enter the “Starting Time Point”

parameter. 4) Click <OK> or <Apply> to configure the synchronizing period. Click <Cancel> to

abort the operation.


If the configuration succeeds, a “Prompt” dialog box will pop up to prompt that setting the synchronization cycle to the server succeeds.

If the configuration fails, a failure message will appear. After the automatic synchronizing period is set, the system will automatically

synchronize the NMS data with the host data as per the set period.

III. Parameter specification

Parameter Description

Cycle Mode Two modes are available: Interval and Every Day.

Interval The time interval for starting the synchronization with the unit as hour. The range is 6 ~ 72.

Every Day The time point for starting the synchronization everyday.

Note:

For the period mode selection, when the “Interval” mode is selected, only the “Time Interval” parameter can be configured, while the “Starting Time Point” parameter will be grayed. When the Daily mode is selected, the case will be reversed.

Click <OK> to complete the configuration operation and close the dialog box. Or click <Apply> to complete the configuration operation only.

You may synchronize with the host data manually.

6.4.2 Synchronizing Monitoring Unit List

This operation enables you to synchronize the environment monitoring unit with the device information. You can synchronize one or more environment monitoring units with the host data once.


1) Select [Environment Monitoring /Environment Synchronization Cycle] on the main interface to pop up the “Environment Monitoring” window.



6-7

2) In the Monitoring Unit List, select one or more monitoring units, right click and select [Synchronize Environment Monitoring Device], or click the shortcut button

at the upper part of the window to synchronize the data.

3) The “Environment Monitoring Unit Synchronization Result” dialog box pops up displaying the synchronized device name, monitoring object name and synchronizing results.

4) Click <OK> to close the dialog box.


When the operation is completed, a result dialog box pops up. If the synchronization succeeds, the synchronizing result will display “Success”, otherwise, it will display “Failure”.

6.4.3 Synchronizing Environment Monitoring Device

This operation enables you to synchronize one or more environment monitoring devices once.


1) Select [Environment Monitoring/Browse Environment Monitoring Unit] to pop up the “Environment Monitoring " window.

2) Select one or more monitoring unit, right click and then select [Synchronize

Environment Monitoring Device], or click the shortcut button to start the

synchronization process. 3) Click <OK> in the pop-up result dialog box to close it.


After synchronization, the “Environment Monitoring Device Synchronization Result” dialog box will pop up to display the synchronized device name and synchronizing results. If the operation fails, error causes are prompted.

If the synchronization succeeds, the operation success will be prompted, otherwise, the failure will be prompted.

6.4.4 Refreshing Environment Monitoring Unit List

This operation enables you to update one or more environment monitoring unit lists displayed on the topological client with the latest data from the database.



6-8



2) In the “Monitoring Unit" list at the right area of the window, select one or more monitoring units.

3) Right click and select [Refresh] or click the shortcut button on the toolbar to

perform the refreshing operation.


The environment monitoring unit list will be refreshed, keeping consistency with the information of the NMS database and displayed on the interface.

Note:

Only the environment monitoring unit list can be refreshed. After the refreshing is performed, the environment parameters, power information will disappear from the lower part of the window and will not reappear until another monitoring unit is selected.

6.4.5 Browsing Legend

This operation enables you to browse different legends that stand for the current statuses of the monitoring unit.



2) Select a monitoring unit in the monitoring unit list at the right part of the window. 3) Right click and select [Show Legend] to pop up the "Show Legend” dialog box. 4) Browse the monitoring statuses of different legends. Then click <OK> to close

the dialog box.


The status information indicated by different legends can be browsed, as shown in Table 6-1.



6-9

Figure 6-3 Legend

Table 6-1 Legend

Legend Status

Normal

The monitoring board is disconnected from the host

Faulty

Abnormal

Configuration

The host is disconnected from the NMS


Chapter 7 Database Backup Tool

7-1


The Database Backup Tool can be used to back up and restore NMS databases automatically and manually. In case of NMS database failure, the user can restore the database with the latest backup so as to minimize the loss and ensure the reliability of the NMS. The Database Backup Tool also supports remote maintenance of the NMS database in a centralized manner, making the operations easy and efficient.

7.1 Functions

7.1.1 Starting/Exiting a Database Backup Tool


1) From the "Start" menu, select [Program/iManager N2000/DBBackup Client] or

click the desktop shortcut icon to start the database backup tool. 2) If database servers have already been configured, select the node of the server to

be logged in to, input the password (password of the "N2000user") in the user login window, and then click <OK> to log in to the server. See Figure 7-1.



7-2

Figure 7-1 Database backup tool

3) Select [System/Exit] to exit the tool and close the "Database Backup Tool" window.

Note:

In the database backup tool window, the password for the database login is the password of the "N2000user". It is a sole user for the NMS to connect the database and specified during the NMS server installation.

In the preceding section, the method to start the database backup tool on the Windows operating system is introduced. On the Solaris operating system, the method to start the database backup tool is as follows: On the CDE, right click and then select [Applications/iManager N2000/DBBackup Client] to display the "Database Backup Tool " window. Other operations are the same on the two operating systems.

7.1.2 Viewing a Database

This operation enables you to view basic information of an NMS database, including the database size, used size, and creation date.



7-3

1) Start the database backup tool and log in to the server node where you want to view the database.

2) Select [View/Database] and select the desired database in the "All Database" area. Detailed information of the database then appears in the "Description" area, including database name, size, used size and creation time. See Figure 7-2.

Figure 7-2 Viewing a database

7.1.3 Viewing Logs

This operation enables you to view logs of the operations on the NMS through the database backup tool. If multiple database backup tools are used to perform operations on one NMS database server, you can view the same logs kept for the server.

1) Start the database backup tool and log in to the server node to be configured. 2) Select [View/Log] and then set parameters in the "View Log" area.

Log Type: Select the type of logs to be viewed, including "All", "Backup" or "Restore".

Time: Select the segment you want to view, including "Latest Month", "Latest Three Months", "Latest Half Year" or "Latest One Year".

3) After completing the settings, click <Next>. The matching logs then appear in the "Operation Log" area.



7-4

Figure 7-3 Viewing logs

7.1.4 Configuring a Database Server

You should configure a database server before backing up and restoring it.

1) Start the database backup tool. 2) Use the adding or deleting operation to configure a database server. 3) To add a database server, select [System/Add Database Server] and set the

following parameters in the "Add Database Server" area. Server Name: Enter the ID of the server you want to add. It can be any character

string, but it must not be identical to an existing one. By default, it is "N2000DBServer".

IP Address: Enter the IP address of the server you want to add. It should be expressed as a dotted decimal notation. By default, it is 127.0.0.1.

Description: Enter the description information about the server you want to add.

After completing the settings, click <Add>, a dialog box appears prompting the operation success. After confirmation, the server node appears in the NMS database explorer.

4) To delete a database server, select the desired server node on the NMS database explorer. Select [System/Delete Database Server]. A prompt dialog box then appears showing the operation success. After confirmation, the selected NMS



7-5

database server is deleted and the corresponding server disappears from the NMS database explorer.

Note:

The server name must be unique at the terminal. That is to say, it must not be identical to an existing one.

If the NMS database server does not exist, you cannot log in.

7.1.5 Configuring a Database Set

According to different backup/restoration requirements, one or multiple databases in the NMS database server are distributed to different sets so that all backup/restoration tasks can share them. One database can be distributed in multiple database sets.

1) Start the Database Backup Tool and log in to the server node to be configured. 2) Select [Configuration/Database Set] and configure the database sets. 3) To add a database set, click <Add> and configure the following parameters:

Set Name: Enter the name of the database set you want to add. Database for Selection: Shows all databases in the server you can choose from. Selected Database: Shows the databases already contained in the database set.

Use or to add databases in or delete databases from the database set.

After setting the parameters, click <Finish>. A prompt dialog box then appears showing the operation success. After confirmation, the database set appears in the "All Database Sets" area.

4) To delete a database set, select the desired database set in the "All Sets" area, and click <Delete>. Details about the database then appear, including Database Set Name and Database in Set. Click <Finish>. A prompt dialog box then appears showing the operation success. After confirmation, the database set disappears from the "All Database Sets" area.

Note:

The name of a database set can be any character string, but it should not be identical to an existing one.



7-6

7.1.6 Configuring an Auto Backup Policy

Perform the following operations to add, delete and modify the backup period and start time for auto backup tasks.

1) Start the Database Backup Tool and log in to the server node to be configured. 2) Select [Configuration/Auto Backup Policy] and configure the auto backup policy. 3) To add an auto backup policy, click <Add>, and configure the parameters below in

the "Add Time Policy" area: Time Policy Name: Enter name of the auto backup policy you want to add. Backup Frequency: Select "Day", "Week" or "Month". If you selected "Week", you

should also set the specific day of the week using the corresponding check box, ranging between Monday~Sunday. If you selected "Month", you should also set the specific date of the month from the "Every month no" drop-down list, ranging between 1~31(Day).

Start Time: Set the start time for the backup task, ranging between 0~23(o'clock).

After setting the parameters, click <Finish>. A prompt dialog box then appears showing the operation success. After confirmation, the auto backup policy appears in the "All Time Policies" area.

4) To modify an auto backup policy, select the desired auto backup policy in the "All Time Policies" area. Click <Modify> and set the parameters below in the "All Time Policies" area.

Backup Frequency. Start Time.

After setting the parameters, click <Finish>. A prompt dialog box then appears showing the operation success. After confirmation, the auto backup policy information is refreshed.

5) To delete an auto backup policy, select the desired auto backup policy in the "All Time Policies" area, and then click <Delete>. Details about the auto backup policy then appear, including Time policy name and Time policy info. Click <Finish>. A prompt dialog box then appears showing the operation success. After confirmation, the auto backup policy disappears from the "All Time Policies" area.

Note:

The name of an auto backup policy can be any character string, but it must not be identical to an existing one.



7-7

7.1.7 Configuring a Backup Device

This operation enables you to configure the backup device type and backup path.

1) Start the Database Backup Tool and log in to the server node to be configured. 2) Select [Configuration/Backup Device] and configure the auto backup device. 3) To add a backup device, click <Add>, and then set the parameters below in the

"Add Backup Device" area: Backup Device Name: Enter name of the backup device you want to add. Backup device type: Set type of the backup device, including "Disk" and "Tape". Backup to: Set the physical path of the backup device. If you selected "Disk" as the

backup device type, enter a directory name, which is the "backup" subdirectory under N2000 installation directory by default. If you selected "Tape" as the backup device type, select name of the desired tape from the corresponding drop-down list.

After setting the parameters, click <Finish>. A prompt dialog box then appears showing the operation success. After confirmation, the backup device appears in the "All Backup Devices" area.

4) To delete a backup device, select the desired backup device in the "All Backup Devices" area, and then click <Delete>. Details about the backup device then appear, including Backup device name and Backup device info. Click <Finish>. A prompt dialog box then appears showing the operation success. After confirmation, the backup device disappears from the "All Backup Devices" area.

Note:

The name of a backup device can be any character string, but it must not be identical to an existing one.

By default, the name of a "Tape" backup device is the tape name. The tape cannot be used for backup before initialization. You can select the tape in the "All Backup

Devices" field and click <Initialize Tape>.

7.1.8 Manual Backup

Manual backup allows you to back up a database instantly. To do so, you should select a database set and a backup device.

1) Start the database backup tool and log in to the desired database server node. 2) Select [Operation/Manual Backup], select the desired database set in the "Select

database set to backup" area, and then click <Next>.



7-8

3) Select the desired backup device in the "Selection backup device" area, and then click <Finish>.

4) The system begins to backup the database, and please wait. After the backup, a prompt dialog box appears showing the operation success.

Note:

The manual backup should be performed when the NMS server load is slight. To reduce workload of daily maintenance, you are recommended to use auto backup function and take the manual backup as a complement.

7.1.9 Configuring an Auto Backup Task

This operation enables you to configure an auto backup task so that the system can perform the backup at the specified time.

1) Start the Database Backup Tool and log in to the server node to be configured. 2) Select [Operation/Auto Backup Task], and then add or delete auto backup tasks. 3) To add an auto backup task, click <Add>.

Select the desired backup database set in the "Select database set" area, and then click <Next>.

Select the desired backup policy in the "Select time policy" area, and then click <Next>.

Select the desired backup device in the "Select backup device" area, and then click <Finish>.

A prompt dialog box then appears showing the operation success. After confirmation, the backup task appears in the "All Time Backup Tasks" area.

4) To delete an auto backup task, select the desired backup task in the "All Time Backup Tasks" area, and then click <Delete>. Details of the auto backup task then appear, including name and other information of the auto backup task. Click <Finish>. A prompt dialog box then appears showing the operation success. After confirmation, the auto backup task disappears from the "All Time Backup Tasks" area.



7-9

Note:

You should configure the desired database set, auto backup policy and backup device before configuring the auto backup task.

In order not to affect normal maintenance during the backup, it is recommended that the auto backup operation be perform during 00:00 ~ 06:00.

7.1.10 Restoring a Database

This operation enables you to restore a database from the backup in case of any error to minimize the loss.

1) Start the Database Backup Tool and log in to the desired database server node. 2) Select [Operation/Restore Database], select the desired backup device in the

"Select backup device" area, and then click <Next>. 3) Select the desired database set in the "Select database set to restore" area, and

then click <Next>. 4) Select the desired backup record in the "Select one backup" area, and then click

<Finish>. 5) The system begins to restore the database, and please wait. After the restoration,

a prompt dialog box appears showing the operation success.

Caution:

Before restoring the database, please make sure that no user is accessing to the database. Otherwise, the restoration may fail.

It is suggested that you shut down all the processes except the "database backup" process before restoration.

7.2 Backing Up/Restoring a Database

To minimize the loss in case of NMS database failure, you need back up the database periodically, so that the database can be restored in case of failure.

Backing up/restoring one NMS database experiences the following three phases:

1) Preparations: In this phase, you need configure the desired NMS database, database set, backup policy and backup device.



7-10

2) Backing up database: In this phase, you need determine the database backup method and back up the NMS database.

3) Restoring database: In this phase, you need to determine the NMS database you want to restore and restore it.

7.2.1 Preparations

For the sake of convenience, the configuration items necessary in the database backup/restoration are configured separately. The configuration results are also saved so that all backup/restoration tasks can share them.

Before backing up/restoring a database, you should make these preparations:

Configuring a database server Configuring a database set Configuring an auto backup policy Configuring a backup device

Note:

You should configure a database server before backing up or restoring the database.

7.2.2 Backing Up a Database

Database backup is an important operation to guarantee normal operation of the system. Two backup modes are available, namely manual backup and auto backup.

Manual backup is to backup a database immediately. After manually configuring the backup database set and backup device, you can back up the database immediately.

Auto backup means that the system backs up a database automatically. After an auto backup task is set, the system will automatically back up the database at the specified time. For details, see 7.1.9 Configuring an Auto Backup Task.

Note:

You should set an auto backup task before the auto backup is performed.



7-11

7.2.3 Restoring a Database

This operation enables you to restore a database from a backup record in case of any error to minimize the loss.

For details, see 7.1.10 Restoring a Database.

User Manual HUAWEI iManager N2000 Fixed Network Integrated Management System Chapter 8 System Monitor

8-1

Chapter 8 System Monitor

Using the system monitor, you can view the information about the NMS server processes in a centralized manner.

The system monitor also enables you to start and stop processes and set process start mode. These functions can be used as emergent measures for troubleshooting. As for daily operation, you need only view the desired information instead of performing other operations in order to avoid unexpected trouble which may affect system running.

8.1 Starting/Exiting a System Monitor 1) From the "Start" menu, select [Application/iManager N2000/N2000 SysMonitor]

or click the desktop shortcut icon to display the user login dialog box, as shown in Figure 8-1.

Figure 8-1 User log in

2) In the dialog box, input the login password ("N2000" by default) and set the NMS server to be logged in. Then the "System monitor" window is opened, as shown in Figure 8-2. In the dialog box, you may maintain the NMS server process, databases, system resources, hard disk and version information.


8-2

Figure 8-2 System monitor

Besides, you may click <...> next to the "Server" drop-down list in the user login dialog box to display the server setting dialog box. In the dialog box, you may set login servers by adding, modifying or deleting operations so that the user may switch to other servers. Here the IP address is shown in dotted decimal notation, and the default port No. is 9800 which need not be set by the user.

Note:

In the preceding section, the method to start the system monitor on the Windows operating system is introduced. On the Solaris operating system, the method to start the system monitor is as follows: On the CDE, right click and then select [Applications/iManager N2000/N2000 Monitor] to display the user login dialog box. Other operations are the same on the two operating systems.

8.2 Starting/Closing an NMS Server

This operation enables you to start and close an NMS server through the system monitor.

1) Start the system monitor.


8-3

2) In the “System monitor” window, select [System/Start Server]. The system then starts all the processes. You can view the operation status of each process in the "Process” tab.

3) In the “System monitor’" window, select [System/Stop Server]. In the confirmation dialog box that appears, click <OK>. Then all the processes of the NMS server will be stopped in 30 seconds, and the system will notify all the online clients to log out.

Caution:

Stopping the NMS server may result in client disconnection, unsaved data loss, and further operation interruption. So exercise caution when doing so.

8.3 Querying Processes

The system monitor enables you to view the processes of the NMS server in a unified manner.

The system monitor also enables you to start/stop processes and set process start mode. These functions can be used as emergent measures for troubleshooting. As for daily operation, you need only view the desired information instead of performing other operations in order to avoid unexpected trouble which may affect system running.

I. Operation Procedures

1) Start the system monitor. 2) Click the "Process" tab. The tab lists the details of all manageable processes,

including: Name, State, Start Mode, CPU, Memory, Restart Times, Start Time, Server Name and Description.

II. Parameter Specifications

[Start mode]: Auto start, Manually start, or Forbidden start. "Auto start" is to exit and then automatically restart a process when it is abnormal. "Manually start" is to exit an abnormal process and then restart it manually. "Forbidden start" is to prohibit a process from being started from the system monitor.

[Restart Times]: It refers to the times a process has been exited and restarted since the startup of the NMS Server.


8-4

[Description]: It describes the services that can be provided by a process or which module the process belongs to.

Note:

After selecting one or multiple processes in the process list, you can right click and then perform the following operations:

Start process: Starts the selected processes that are not started. Stop process: Stops the selected processes that are started. Start mode: Sets the start mode of the selected processes. Refresh: Updates the details of the selected processes.

8.4 Querying Database Information

This operation enables you to query detailed information of all manageable databases.

1) Start the system monitor. 2) Click the "Database" tab. This tab lists details about all manageable databases of

the current NMS Server, including Name, Server Name, Size, Free Space, Used Rate, Data Size, Log Size and Last Backup Time.

8.5 Querying System Resource Information

This operation enables you to query the system resource information of the computer where the current NMS Server is located.

1) Start the system monitor. 2) Click the "System Resource" tab. This tab lists the system resource information

of the computer where the current NMS Server is located, including Server Name, CPU, Physical Memory, Used Memory and Available Memory.

8.6 Querying Disk Information

This operation enables you to query the disk partition information of the computer where the current NMS Server is located.

1) Start the system monitor. 2) Click the "Disk" tab. This tab lists the disk information of the computer where the

current NMS Server is located, including Server Name, Operation System, System Partition, Total Size, Used Size, Available Size and Used Rate.


8-5

Note:

To ensure reliable running of the NMS, when the disk space used by the NMS partition exceeds a certain threshold, the system will automatically send a disk alarm to prompt the user to clean the disk space. When the used disk space is lower than the threshold, the system will send a recovery alarm.

8.7 Querying Component Information

This operation enables you to query information of the components installed on the NMS server you have logged in to.


1) Start the system monitor. 2) Select the "Component" tab. This tab lists the information about the components

that have been installed on the current NMS Server, including Name, Version and Description.

II. Parameter Specifications

[Name]: Name of the component that has been installed on the NMS Server.

[Version]: The version information of the component.

[Description]: Description of the current component.

8.8 Setting a System Monitor

This operation enables you to set the system information refresh mode and refresh interval.


1) Start the system monitor. 2) In the main window of System Monitor, select [System/Monitor Setting] to pop up

the "System Monitor Setting" dialog box. 3) In the dialog box, set the refresh modes for "Process", "Database", "System

resource" and "Disk". If you select auto refresh, you should set a refresh interval.

II. Parameter Specification

By default, the refresh interval is as follows:

Process: 60 seconds. Database: 600 seconds.


8-6

System resource: 60 seconds. Disk: 60 seconds.

Note:

If auto refresh is not used, you can select the information you want to view and click [Refresh] to manually refresh it.


Chapter 9 NMS Security Policy

9-1


9.1 Overview The iManager N2000 is based on Solaris 8/Windows operating system and large database system (such as SYBASE or SQL Server). Its security involves four aspects: operating system, database, NMS application software, and network. The security negligence in any aspect will result in the vulnerability of the NM software system in case of attacks, thus undermining the security of the equipment managed by the NMS. The following lists several frequently occurred problems:

When installing the NMS workstation operating system and the NMS, the default user name/password "root/root" and "admin/N2000" are used respectively, which are easy for attackers to dope out. Once the attacker obtains the password of the super-user, he/she can control the whole NMS, and can further control or destroy the equipment managed by the NMS.

The Solaris 8 operating system patch is not installed or updated in the NMS workstation timely, the NMS workstation may be attacked by illegal visitors.

The services such as Telnet, FTP, TFTP and RCP have lots of bugs and are vulnerable to attacks. For example, the operating system type is shown during Telnet logon, providing attackers with the important information; the authority of user root for logging on to the workstation in Telnet service is not masked, neither is in FTP service, which are very dangerous.

In SNMP parameters, the default read and write community names are public and private respectively, which are easy for attackers to dope out. The equipment information can be obtained and even modified by use of SNMP tool.

The Access Control List (ACL) for broadband equipment is set inappropriately, that is, IP addresses of the devices able to access are of too big range. If the NMS workstation adopts private network address, it is possible that the users of the equipment managed by the NMS workstation access the NMS workstation directly, MA5200, for example, may suffer from attacks from internal network.

9.2 Security of Operating System Only if the system administrator establishes a set of strict security regulations, can the running reliability of the operating system be ensured effectively. This section outlines the security policy for the operating system, summarizes the aspects that the system administrator should implement necessary security configurations, and then describes them in details based on the actual conditions, which may ensure a secure server finally.



9-2

9.2.1 Security Policy for UNIX System

The Solaris operating system used by the NMS workstation enjoys the security level B1. It has passed ITSEC certification and provides firewall. In addition, the SYBASE database used by the NMS workstation also enjoys the security level B1.

I. Physical security

Data are backed up in a disk dedicated for data recovery; The workstation ensures stable power supply by use of Uninterrupted Power

Supply (UPS);

Security measures for users:

Lock the screen or log off from the workstation before leaving; Do not write down the password or password prompt where it is easily found by

others; Prevent others from reading the contents on the screen by executing the

xauth/xhost command; Do not set any welcome banner. Only the authorized user can access the NMS

workstation.

II. Network configuration security

Filter:

Disable needless services in inetd.conf. Disable "r" series services. Routers filter messages on ports (TCP) 512, 513 and 514. Create ACL /var/adm/inetd.sec only for the equipment allowed to access. Unnecessary services are filtered from the route, and only necessary services will

be reserved; TCP wrappers is adopted to provide more powerful access control and log

functions; If the NMS workstation is required to access the Internet, it is recommended to

install a firewall.

Router:

Close source sending; Apply filter to ensure that the source addresses of the information packets sent

from the external network are not the same as the IP addresses of the internal network;

Ensure that only authorized host names are stored in system files such as Network File System (NFS), hosts.equiv and so on;

Try not to use the file hosts.equiv or .rhosts; If the .rhost or .netrc file is to be used, the authority must be set to 600.



9-3

III. System service security

1) File /etc/inetd.conf

The authority of the file is set to 600, the authorized user is root, and needless services are disabled.

2) File /etc/services

The authority of the file is set to 644, and the authorized user is root.

3) tcp_wrapper

All allowed services in /etc/inetd.conf are protected. If any allowed User Datagram Protocol (UDP) service is required to be protected, the nowait parameter must be enabled in /etc/inetd.conf.

4) File /etc/aliases

"#" is added at the beginning of the line to disable the alias "decode". To validate the modification, /usr/bin/newaliases must be run.

5) File /etc/hosts.lpd

The first character in the file is not "-", the authority of the file is set to 600, the authorized user is root, there is no "!", "#" or other screen mark in the file, and install the newest patch.

6) sendmail

The newest sendmail should be used. If using the sendmail offered by the operating system, you must ensure that the latest security patch has been installed. The sendmail used has prohibited wizard password. If there is a line beginning with "OW" in /etc/sendmail.cf, only one "*" will be followed. You need to modify the minimum log level of sendmail (8) to 9, which can facilitate detecting the sendmail bugs.

7) fingerd

Do not use this service unless necessary, for the attackers may obtain important user information from it. The newest fingerd software should be used.

8) tftp

Do not use this service unless necessary. If you have to use it, be sure to set directory access restriction in the file inetd.conf.

9) Telnet

The newest patch should be made. You may replace the telnet service with a safer version, for the telnet protocol transmits data (including user name and password) in plain text over the network. The NMS workstation can disable this service in normal state, and only enable it when remote maintenance is needed.

10) FTP

The newest ftp program should be adopted. All system users (such as uucp, bin, root and so on) are stored in the file /etc/ftpusers. Try to set the least users and the minimum



9-4

authorities. Run FTP log and view the log frequently. Try to make the folders write protection. Check all default configurations in the ftp program, and ensure that the ftp program has no SITE EXEC command. If the workstation only functions as the NMS, the FTP service can be disabled.

IV. Account security

1) Password

All accounts have valid passwords, but only account root can be enabled with UID 0 authority. Do not set the passwords to guessable or common words (which can be deciphered by the crack tool). Do not use .netrc files. In case of illegal logon, the account should be prohibited.

2) Account root

To check the files of "root", you are only allowed to log on from the console. There should be no "." in directory variables, and a robust password shall be set. Do not log on as root, but as a common user and then switch to "su" with the root authority. Ensure that there is no file belonging to other users or writable for everyone in the executable file for root logon. Use the shell dedicated to root, set umask to 077, which can be modified to 022 when necessary. Use complete path execution command, and prohibit any folder writable for other users than root existing in the directories of root. Ensure that account root has no ~/.rhosts file, and that there is no file belonging to other users or writable for everyone in the cron job file.

3) Anonymity account

It is only allowed to use when necessary. You need to modify the account guest to another account, and set a robust password. Use restricted shell and set umask to 077.

4) Ordinary user account

When an account is not used any more, it should be removed. Do not share one account. Set umask to 077 and use the restricted shell as possible.

V. File system security

1) NFS

NFS should be disabled if it is not required. If required, it should be enabled and installed with the newest patch. NFS flow is filtered by routers on TCP/UDP port 111 and 2049, which can prevent the hosts in external network from accessing the file system exported from your host. Be cautious when using the file /etc/exports, and there should be no "localhost" in this file. Set the permission of /etc/exports to 644 and the authorized user of /etc/exports to root. Use showmount -e to view the current output. Allow reading only and no suid bit. Adopt a complete and valid host name.

2) Equipment file

Equipment files /dev/null, /dev/tty and /dev/console should be ensured writable globally, but not executable. Most equipment files should be made read protection and write



9-5

protection for ordinary users. Mount the external file system/equipment with non-setuid and read-only.

3) Script

Do not write setuid/setgid bit in a shell script, and replace them with c. Complete directory shall be used in a script.

4) System configuration file

If no "r"-series service is employed, the file /etc/hosts.equiv must be deleted or its name must be modified. In this way, even if an "r"-series command is enabled by chance, no problem will occur. If the file /etc/hosts.equiv is to be used necessarily, only the minimum number of trusted hosts, who are within the legal domain or under control, will be listed. The host name should be in complete format, hostname.domainname.cn for example. There should be no "+" entry, "!", "#" or other screen mark in the file. The first character in the file should not be "_", the authorized user should be root, and the authority of the file should be set to 600. If the file $HOME/.rhosts is not to be used, the home directory of each user has no .rhosts file, which enjoys less security than the file /etc/hosts.equiv, for each user can create it. Use cron to check and report the contents of the .rhosts files periodically, as well as delete it. The user should know that this audit is done in cycle. If the file $HOME/.rhosts is required to be used, its first character should not be "_", its authority should be set to 600, its authorized user should be the corresponding account, and it has no "+" entry, "!", "#" or other screen mark.

5) Files run by user root

Ensure that all the files run by root are authorized to root. The following files should be checked for root:

~/.login, ~/.profile and similar logon initialization files

~/.exrc and similar program initialization files

~/.logout and similar logon session clearing files

crontab and at entries

Files in NFS partitions

/etc/rc* and similar system start and end files

6) File authorities

The authority of /etc/utmp, /etc/state and /etc/syslog.pid is set to 644, and that of /etc/sm and /etc/sm.bak is set to 2755. You may cancel the read-only authority of the files that the user need not access. For the core of the operating system (/vmunix for example), its authorized user is root, group ID is 0, and the authority is set to 644. Temporary file directory (for example, /tmp) is set with sticky-bit, unnecessary SUID files and SGID files are removed, and umask is set to 027 or 077. Under /dev are special files (/dev is the only directory for storing special files). The authority to start and end system script is not 666.



9-6

VI. Security test

Ensure that the newest patch released by the operating system provider has been installed;

Use network scan tool such as SATAN to test network security frequently; Use tool such as COPS to detect various systems frequently; Use intruder detection tool such as TIGER if user root is intruded; Use decipher tool such as CRACK periodically, so as to ensure the password

confidentiality; Run the Tripwire encryption file; View log files regularly, such as btmp, wtmp, syslog, sulog and so on; Send any suspicious information to the system administrator automatically.

VII. Guide to operation security

The aspects that are important to the NMS workstation security have been listed in the above text, but not each aspect must be implemented on the workstation. Modification is allowed depending on the actual situation on site. The commands that may be used during system check are listed below:

Restart inetd

# /bin/ps -aux | /bin/grep inetd | /bin/grep -v grep

# /bin/kill -HUP <inetd-PID>

List registered rpc services

# /usr/bin/rpcinfo –p

Re-establish alias mapping

# /usr/bin/newaliases

Test whether sendmail wizard password is enabled% telnet hostname 25

wiz

debug

kill

quit

%

Show the response "5nn error return", otherwise update sendmail.

Set the log level of sendmail to 9

In the general information part of the sendmail configuration file:

O LogLevel=9

Set syslog level for message mail

/etc/syslog:

mail.info /dev/console



9-7

mail.info /var/adm/messages

# kill –HUP <syslog-pid>

Test whether ftpd supports SITE EXEC

Ordinary users:

% telnet localhost 21

USER username

PASS password

SITE EXEC

Anonymity users:

% telnet localhost 21

USER ftp

PASS [email protected]

SITE EXEC

If not supported, a response "5nn error return" will be shown.

Find .exerc files

# /bin/find / -name '.exrc' -exec /bin/cat {} \; -print

Find writable files and directories of one group or all users

# /bin/find / -type f $ -perm -2 -o -perm -20 $ -exec ls -lg {} \;

# /bin/find / -type d $ -perm -2 -o -perm -20 $ -exec ls -ldg {} \;

Find the files with SUID bit and SGID bit

# /bin/find / -type f $ -perm -004000 -o -perm -002000 $ -exec ls -lg {} \;

Find common files under /dev

# /bin/find /dev -type f -exec ls -l {} \;

Find block or character files

# /bin/find / $ -type b -o -type c $ -print | grep -v '^/

Cancel default route and only set route to the managed network segment

To delete the default route, just delete "router add default IP" at the end of the file /etc/rc3 or delete the file /etc/defaultrouter directly; add the route to the managed network segment at the end of the file /etc/rc3, that is, router add + the managed network segment;

Modify the password of the NMS workstation superuser and that of the NMS user

#passwd root Modify the password of root

#passwd n2kuser Modify the password of n2kuser

Install the newest operating system patch



9-8

Install the newest Solaris patch released on the bulletin board of the Technical Support Dept. of Huawei. Do not download the latest patch directly from the website of SUN Corporation, for the installation of the patch that has not been tested by the Technical Support Dept. may affect the normal running of the NMS.

Mask telnet prompt and root logon function of the telnet and ftp services

A. Mask telnet prompt

The telnet prompt will make system information and version number divulged, which will cause attacks, so the default prompt need be modified.

1. Create the file /etc/default/telnetd

touch /etc/default/telnetd

2. Add BANNER into the file

Edit the file

Banner=""

Or add copyright information

Banner="\n\nThis is a protected System by property right law.\nDon't try to crash in.............\n\n"

3. Modify the file to be read-only for all users

chmod 444 /etc/default/telnetd

B. Mask root logon function of the telnet service

To mask the root logon function of telnet, ensure that the item "CONSOLE=/dev/console" is effective in the file /etc/default/login; if this item is canceled, delete the mark "#".

C. Mask root logon function of the ftp service

To mask the root logon function of ftp, just ensure that the item "root" is not canceled or deleted in the file /etc/ftpusers.

Check network services closed unsafely

You can close network services by modifying the specific contents in the file inetd.conf. Note to back up the file before modification.

#cp inetd.conf inetd.conf.bak

Open the file “/etc/inetd.conf" with vi editor. Search for the lines containing the keywords of the services to be closed in the file, and add "#' at the beginning of the lines, so as to comment it out. And then save the file and exit.

The following lists the operation procedures of shutting down each service.

1) Shutting down "sadmind” service

Find the following line in the file “/etc/inetd.conf”:

100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind



9-9

Add "#' at the beginning of the line, as shown in the following:

#100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind

Save the modification and exit.

After the comment, use the following command to prohibit the execution of “rpc.sadmind”:

# chmod 000 /usr/sbin/sadmind

2) Shutting down “tooltalk RPC” service


100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd

Add “#’ at the beginning of the line, as shown in the following:

#100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd


3) Shutting down “Solaris in.lpd” service

Find the lines containing “printer” in the file “/etc/inetd.conf”:

printer stream tcp6 nowait root /usr/lib/print/in.lpd in.lpd


#printer stream tcp6 nowait root /usr/lib/print/in.lpd in.lpd


4) Shutting down “snmpXdmid” service

# mv /etc/rc3.d/S77dmi /etc/rc3.d/K07dmi

# /etc/init.d/init.dmi stop

# chmod 000 /usr/lib/dmi/snmpXdmid

5) Shutting down “finger” service


finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd


#finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd


6) Shutting down “rexecd” service


exec stream tcp nowait root /usr/sbin/in.rexecd in.rexecd

exec stream tcp6 nowait root /usr/sbin/in.rexecd in.rexecd


#exec stream tcp nowait root /usr/sbin/in.rexecd in.rexecd



9-10

#exec stream tcp6 nowait root /usr/sbin/in.rexecd in.rexecd


7) Shutting down “rsh” service


shell stream tcp nowait root /usr/sbin/in.rshd in.rshd

shell stream tcp6 nowait root /usr/sbin/in.rshd in.rshd


#shell stream tcp nowait root /usr/sbin/in.rshd in.rshd

#shell stream tcp6 nowait root /usr/sbin/in.rshd in.rshd


8) Shutting down “Chargen” service


chargen stream tcp6 nowait root internal

chargen dgram udp6 wait root internal


#chargen stream tcp6 nowait root internal

#chargen dgram udp6 wait root internal


9) Shutting down “daytime” service


daytime stream tcp6 nowait root internal

daytime dgram udp6 wait root internal


#daytime stream tcp6 nowait root internal

#daytime dgram udp6 wait root internal


10) Shutting down “echo” service


echo stream tcp6 nowait root internal

echo dgram udp6 wait root internal


#echo stream tcp6 nowait root internal

#echo dgram udp6 wait root internal

11) Shutting down “FTP” service


ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd



9-11


#ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd


12) Shutting down “L.rquotad RPC” service


rquotad/1 tli rpc/datagram_v wait root /usr/lib/nfs/rquotad rquotad


#rquotad/1 tli rpc/datagram_v wait root /usr/lib/nfs/rquotad rquotad


13) Shutting down “rlogin” service


login stream tcp6 nowait root /usr/sbin/in.rlogind in.rlogind


#login stream tcp6 nowait root /usr/sbin/in.rlogind in.rlogind


14) Shutting down “rstatd RPC” service


rstatd/2-4 tli rpc/datagram_v wait root /usr/lib/netsvc/rstat/rpc.rstatd

rpc.rstatd


#rstatd/2-4 tli rpc/datagram_v wait root /usr/lib/netsvc/rstat/rpc.rstatd

rpc.rstatd


15) Shutting down “rusersd RPC” service


rusersd/2-3 tli rpc/datagram_v,circuit_v wait root

/usr/lib/netsvc/rusers/rpc.rusersd rpc.rusersd


#rusersd/2-3 tli rpc/datagram_v,circuit_v wait root

/usr/lib/netsvc/rusers/rpc.rusersd rpc.rusersd


After the comment, use the following command to prohibit the execution of “rpc.rusersd”:

# chmod 000 /usr/lib/netsvc/rusers/rpc.rusersd

16) Shutting down “sprayd RPC” service



9-12


sprayd/1 tli rpc/datagram_v wait root /usr/lib/netsvc/spray/rpc.sprayd

rpc.sprayd


#sprayd/1 tli rpc/datagram_v wait root /usr/lib/netsvc/spray/rpc.sprayd

rpc.sprayd


17) Shutting down “walld RPC” service


walld/1 tli rpc/datagram_v wait root

/usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld


#walld/1 tli rpc/datagram_v wait root

/usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld


After the comment, use the following command to prohibit the execution of “walld”:

# chmod 000 /usr/lib/netsvc/rwall/rpc.rwalld

Note:

To modify the file “inetd.conf”, you can also use the “dtpad” text editor. The usage of it is same as that of the Notepad in Windows. Use the following commands to start “dtpad”” # cd /usr/dt/bin # ./dtpad

9.2.2 Security Policy for Windows System

I. Ensuring all partitions in NTFS Format

The disk partitioned in NTFS format is provided with powerful access control function, which can prevent data from being divulged and being modified. The partitions in other formats such as AT, FAT32 or FAT32x do not support this function. Therefore, you need to confirm that each partition of the server is set in NTFS format first. For the partitions in FAT format, you can convert them into NTFS format completely by running "convert" program. However, it must be noted that the disk drive converted will be enabled with full control authority to everyone after "convert" is run, which is very dangerous. To



9-13

resolve this problem, the software "fixacls" provided in Windows NT ServerResource Kit can be used to re-configure more reasonable authority for the disk drive.

II. Setting a robust password for "Administrator"

Windows 2000 supports a maximum of 127 characters for password. In general, a long password is more robust than a short one, and a password consisting of multiple types of characters (that is, letters, digits, punctuation or non-print ASCII codes) is more robust than one formed by a single type of characters (that is, all digits or letters). Therefore, to ensure security to the utmost, you need set a password with at least nine characters for Administrator, of which the first seven characters should include at least one punctuation mark or non-print character (non-print characters are special characters generated by pressing the <ALT> key and at the same time typing digits in small keyboard). In addition, if a system administrator is in charge of several servers, the Administrator's password for each server should be different.

III. Disabling needless services

After installing Windows 2000 Server, you should disable all network services not supported by the server. It should be considered that whether the server needs to run any IIS component and "files and printer sharing" service. Unless especially necessary, it is prohibited to install other applications such as e-mail client program and office product on the server. In a word, do not install any unnecessary applications.

IV. Prohibiting or deleting needless accounts

You need check the user account lists regularly, and prohibit or delete those accounts not used frequently, account Guest for example. The authorities for access to files, directories and registry should be set reasonably based on the actual demand. It is recommended to modify the default access authorities for files, directories and registry after Windows 2000 is installed.

V. Deleting all unnecessary file sharing services

It is suggested to delete all unnecessary file sharing services in the system, so as to reduce information leakage risk. By default, the registry can not be accessed by anonymity visitors, and remote access to it is also supported. However, the users with remote access authorities are only Administrators in general. To achieve it, you need to modify the registry by the following steps:

1) Open registry editor by typing Regedt32.exe in the "Run" dialog box. 2) Add the key value shown below:

\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg

3) Select the node "winreg", and then select [Security/Authority]. A dialog box "winreg authority" pops up.



9-14

4) Set the authority of Administrator to Full Control, and confirm that there is no other user or group in the list, and then click <OK>.

By setting the key value in the registry, you can control the users or groups who have the remote access authority.

VI. Preventing access to LAS information by anonymity visitors

Local Security Authority (LSA) is in charge of processing user logon and identify authentication on local computers. As LSA information is very important, anonymity visitors should be restricted from accessing it. To achieve it, you need to modify the registry by the following steps:

1) Create a key

\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous

2) Specify its value to 1 and the type to REG_DWORD

VII. Setting robust passwords

Passwords should be set by the principles as follows:

1) The minimum length of a password is eight characters. 2) The minimum duration for password expiry should be set appropriately, which is

1-7 days generally. 3) The maximum duration for password expiry should be set appropriately, which is

no more than 42 days generally. 4) At lease the latest six passwords set should be reserved, that is, the password set

currently cannot be the same as any one of the latest six passwords set.

VIII. Setting user account locking strategy

Account locking means that if the failed logon times of an account exceed the number set by Administrator, this account will be prohibited automatically and cannot be used until Administrator enables it again. It is recommended to set the allowed failure times to 3-5. There is a program passprop.exe in Windows NT Resource Kit, which can be used to set the accounts that cannot be accessed by management tool. For example, to set account locking strategy for Administrator, carry out the following command:

passprop /adminlockout

IX. Re-configuring account Administrator

Administrator is a superuser with highest authority. Due to its important role, it is attacked most frequently. Therefore, you need to reconfigure the account Administrator after installation, so as to ensure the security to the utmost. The following actions are recommended:

1) Rename Administrator as myadminok or mygod and other unremarkable names.



9-15

2) Re-create another account Administrator, but no authority is assigned to it, so as to distract attention. View log files frequently to check whether there is any illegal attempt with this account, so as to take actions timely.

3) Use the program passprop to set account locking strategy for the real Administrator.

4) Prohibit the account Administrator on the local computer.

X. Installing and updating anti-virus software

Since computer virus is more and more damaging, it has become a necessity to install anti-virus software on the server and to update it in time.

XI. Installing newest SP and Hotfixes patch

You should keep an eye on the newest information about SP and hotfixes released by Microsoft Corporation, and install the latest SP patch and hotfixes patch based on the specific environment. The patches developed by Microsoft are of two types: ServicePack (SP) and HotFixes. SP is a big patch collecting HotFixes released within a time period. It is named as SP1 or SP2 generally and released every a certain period of time. HotFixes are small patches, released within the period between the current SP and the next one. It aims to removing the system bugs newly released in Security bulletin on Microsoft website, and it is named by "MS year-sequence number". For example, MS01-044 indicates the 44th HotFixes in 2001.

9.3 Security of NMS Database In daily maintenance, both manual backup and automatic backup are employed. In order to simplify daily maintenance, you can adopt automatic backup as the active mode, and manual backup as the standby mode. The following are some suggestions for backup:

In order not to affect the normal maintenance during backup, it is recommended to carry out automatic backup between 00:00 and 06:00, and perform manual backup when the NMS server load is low.

When creating automatic task, it is suggested to carry out DBCC database operation before backing up the database, and carry out DBCC table set operation before backing up the DBCC table set, so as to ensure the correctness and completeness of backup data.

Refer to Database Management Tool for detailed manual backup and automatic backup operations.

9.4 Equipment Access Control You need set the IP address segment of the NMS workstation directly if the NM equipment are allocated with private network IP addresses.



9-16

For the NM equipment with public network IP addresses, the IP address segment after NAT conversion should be set for its NMS workstation.

The other IP addresses are all masked (Refer to Broadband Equipment Operation Manual for the setting of broadband equipment ACL).

Add NMS ACL: By setting the ACL of N2000 NMS, you can specify the addresses that are authorized to log on to the NMS server, while the other IP addresses are not authorized (Refer to the specific chapter of Security Policy for the setting of the ACL of the NMS workstation).

9.5 Network Security Monitoring By imaging the ports of the Ethernet switch for connecting Data Communications Network (DCN) or Internet, and then detecting network traffic on imaged ports by use of Intrusion Detection System (IDS) software, network security can be ensured.

I. Introduction to IDS

Intrusion detection is a technology for discovering timely and reporting illegal or abnormal operations in the system, thus guaranteeing the computer system security. IDS is capable of identifying any unexpected action, which may come either from external network or internal network. IDS can detect the attacks before they damage the system, and then drive them out by cooperating with the defending system. During the attack, it can decrease the damages caused by it. After the attack, it can collect the related information about the attack as defending knowledge, and then add the information to the knowledge base, thus enhancing the defending capability of the system.

A typical IDS model consists of three functional parts:

1) Information source for offering event recording streams 2) Analysis engine for discovering intrusions 3) Response component for creating responses to analysis results

As an important part of the global network security solution, IDS needs to cooperate with other security equipment to resolve security problems.

II. Data collection cooperation

IDS need collect both dynamic data (network data packet) and static data (log files and others). The network-based IDS only detects intrusion in the network layer through original IP packets, which cannot satisfy the increasing security demand. The host-based IDS detects intrusion by directly checking user operations and operating system log files, and it cannot detect the attacks from the bottom layer of the network.

Even the integrated IDS (both network based and host based) will separate the collection and analysis of network data packets with that of log files, without considering the correlation between these two types of original data. In addition, IDS obtains



9-17

network data packets by a passive detection method. Once a data packets is lost, it cannot be recovered. The future network will be complete switching network with high speed, and lots of important networks are encrypted. In this case, the collection of network data packets will be more difficult. Therefore, the cooperation on data collection and the full use of data of different layers become a prerequisite for improving intrusion detection capability.

There are two important aspects for data collection cooperation:

1) Cooperation between IDS and bug scan system: Bug scan system functions in scanning the hosts in the network according to the bug database, providing comprehensive report for bugs in host-located network, operating system and applications, and then offering the repairing method, finally giving the risk assessment report.

2) Cooperation between IDS and anti-virus system: For more and more virus attacks from the network, IDS may give alarms according to the some features, but because IDS is not an anti-virus system, it cannot accurately forecast whether the host in the network is suffering from attacks. In this case, the anti-virus system can be used to verify the virus alarms reported by IDS, and then handle the host suffering from virus attacks properly.

III. Data analysis cooperation

IDS not only needs to analyze the data collected by a detection engine by use of mode match and abnormity detection technology to discover some simple intrusions, but also needs to analyze the audit data submitted by several detection engines by use of data mining technology to discover more complicated intrusions.

IV. Response cooperation

IDS integrates with the network equipment or network security equipment that can respond effectively to form a security system providing alarms and responses, which is called response cooperation. Response cooperation includes the following aspects:

V. Cooperation between IDS and firewall

Firewall and IDS can cooperate with each other efficiently. This cooperation exists in both static way and dynamic way. In static way, IDS can analyze the events on the network more effectively by acquainting the strategies of the firewall, thus giving accurate alarms. In dynamic way, when IDS detects an attack, it can notify the firewall to block the established connection and to modify its strategy, thus eliminating the possibilities for latent future attacks.

VI. Cooperation between IDS, router and switch

Similar to the router firewall, the switch is connected to the network in parallel mode. In addition, all of them have preset strategies and they can determine the data stream over the network, so the cooperation between IDS, switch and router is similar to that



9-18

between IDS and firewall, that is, the cooperation exists in both static way and dynamic way.

VII. Cooperation between IDS and anti-virus system

IDS is able to replace the response function of the firewall to some extent by sending large amount of RST messages to block the established connections. However, it is useless in preventing computers from virus attacks. Currently, because network virus attacks gains more and more proportions among all attacks, the cooperation between IDS and anti-virus system becomes more and more important.

VIII. IDS networking

The following illustration shows the whole security system described in this chapter:

Data Stream

Data Stream

Firewall

NE16

Data Stream

Anti-Virus

LAN Switch S3526

IDS Ordinary User Ordinary User

Figure 9-1 Schematic diagram of network security system

Note:

The illustration cannot show all data streams. It only aims to giving an image that a network security system is formed by all security units.



9-19

IX. Introduction to IDS products

1) NetEye

NetEye is the IDS developed by Neusoft. It can expand network protection range by offering continuous monitoring on the network, judge the illegal attempts from internal or external networks by realtime and intelligent analysis of network data streams, send alarms, give responses and take protection measures. It can also monitor, record and replay the running status of the network, thus facilitating the Administrator to fully control the network. NetEye supports automatic maintenance of itself, with no need of user operation and imposing no impact on normal network running. It is a complete network system for audit, monitoring and analysis, and forms an integrated network security solution by cooperation with the NetEye firewall.

2) LinkTrust

LinkTrust is the giga IDS based on status protocol analysis technology developed by Information Security One Ltd. (iS-One). Adopting three-layer architecture, it is usually a distributed high-speed IDS of carrier class and enterprise level. In addition, LinkTrust can monitor the giga traffic and give responses in realtime mode. Status protocol analysis technology supports to detect the known attacks and prevent unknown attacks.

3) Eye of Ice

Eye of Ice is the network-based distributed IDS developed by NSFOCUS Information Technology Co., Ltd. It supports perfect reassembly of IP fragments, and provides both feature-based detection and abnormity-based detection. Automatic online update system enables Eye of Ice to update its rule base synchronously with the NSFOCUS website. NSFOCUS experts trace the latest attack methods uninterruptedly and add them to the rule base immediately. Moreover, the Intranet detection module can detect all illegal external & internal connections, provide multiple modes for preventing intrusion, and can cooperate with multiple types of firewall.

4) Intruder Alert

Intruder Alert (ITA) developed by Symantec can detect outside attacks or suspicious attempts at the network border and inside the network. It is capable of detecting potential dangers, sorting them according to the rules set by the security Administrator, and making corresponding prevention measures. ITA can cover the whole enterprise, including LAN, WAN, Intranet and Internet, providing the enterprise with a variety of choices for security. In addition, ITA adopts the currently popular manager/agent structure, by which it can not only monitor the whole network and check log files, but also detect intrusions in realtime mode.


Chapter 10 Routine Maintenance

10-1


10.1 NMS Maintenance Suggestions

To ensure the normal and reliable running of iManager, you need to pay attention to the following suggestions, and carry out the necessary routine maintenance according to the operation guidance.

1) It is recommended to configure UPS for the NMS workstation, so as to prevent hardware damage, system NoRevert and data loss in case of power failure due to fault.

2) It is recommended to paste a clear sign indicating "Do not power off the NMS workstation! Follow this way to shut down ..." on the NMS workstation and power supply connector.

3) If the NMS workstation cannot be configured with UPS, when the Administrator receives the power failure notification, he/she should shut down the NMS and the workstation before power failure.

4) To shut down the NMS workstation in any case, you must observe the following steps: shut down NMS, close database and then run init 5 (for Solaris). It is prohibited to use halt (for Solaris) or shut off the power supply directly, which may lead to system unrecovery.

5) It is suggested to start three application systems, namely system monitoring terminal, client and realtime alarm browser, after the NMS is started. Generally, they need not be closed so as to facilitate monitoring system status by management personnel.

6) Keep the equipment room clean, away from dust and humidity. 7) Do not play games on the NMS workstation, or install other unnecessary

software for other purpuses. 8) Perform routine check and test according to the operation guidance everyday

and record the results. Paste the contact information such as telephone number and fax number of Huawei Customer Service Center in the equipment room, making the maintenance personnel familiar with it. Phone number of Huawei Customer Service Center: 800-830-2118.

9) If any fault occurs, handle it at once. For the problems that you cannot resolve, you may contact the Regional Office of Huawei or Customer Service Center according to the warranty situation of the equipment.

10) The passwords of the NMS workstation should be authorized by different levels. Management-level passwords are only issued to the authorized persons in charge of maintenance, thus ensuring strict management and distinct division of responsibility and authority.



10-2

10.2 Daily Maintenance Suggestions

10.2.1 Monitoring Running Environment

I. Purpose

To ensure the normal running of the equipment of the NMS workstation.

II. Reference Indexes

Table 10-1 Checklist for monitoring environment

Maintenance Item Operation Guidance Reference Indexes

Temperature of running environment for hardware system

Check the temperature of the running environment Normal range: 15-30°C

Humidity of running environment for hardware system

Check the humidity of the running environment Normal range: 40%-60%

Dustproof situation of running environment for hardware system

Check the dustproof situation of the running environment Good or bad

III. Operation guidance

Make use of the environment & power monitoring function of the NMS to check the temperature, humidity and dustproof situation of the NMS equipment room.

10.2.2 Checking Network Running Status

I. Purpose

To ensure network connectivity between the NMS workstation and NE equipment it manages, between NMS clients, between upper-level NMS and lower-level of NMS.

II. Reference indexes

When equipment node or panel is displayed in non-grey color, it indicates that the communication is normal; when you refresh the equipment node or panel directly, a prompt box indicating success will be displayed, and it also indicates that the communication is normal currently.



10-3


Select [Edit/Refresh] on the NMS client, and then check the color of the equipment icon. If the icon turns to blue indicating the communication broken, it may be because the network is blocked. In this case, select this icon and right click to select the ping command in the shortcut menu to check its connectivity. If the prompt "*.*.*.* (* stands for IP address) alive" appears, it indicates that the network is normal. To check the connectivity between the NMS and the equipment whose IP address is 10.10.10.100, use the command below:

ping 10.10.10.100

If the following information appears,

10.10.10.100 alive

it indicates that the equipment and the NMS are interconnected normally.

In the Solaris system, you can open a terminal, and then ping the routing switch equipment, client equipment, upper-level or lower-level NMS equipment connected with the NMS workstation.

Note:

In the Windows server, the ping command need be executed in DOS. You can check the colors of various state indications from the legend by the steps as follows: select

[View/Filter & Legend], open the "Filter/Legend" display frame, select "Legend" tab on the panel, and then you can view the node status information indicated in different colors.

10.2.3 Checking Running Status of NMS Processes

I. Purpose

By checking the running status of all the processes of the NMS server, to detect and remove the abnormal processes as early as possible, thus ensuring that all the services are implemented normally.


All the processes of the NMS server are running.



10-4


Select [Start/Program/iManager N2000/N2000 SysMonitor] to pop up a "User logon" dialog box. Input the logon password, which is N2000 by default. After setting the NMS server to which you will log on, you can enter the system monitoring client window.

In the "Process" page, the detailed information of all the managed processes is displayed in a list, including process name, process status, start mode, CPU occupation ratio, memory occupation ratio, restart times, start time, server name and process description. Check the current running status and restart times of the system process. If the current status is "Stop", you can start it manually.

10.2.4 Checking Server Performance

I. Purpose

By checking the CPU occupation ratio and the occupied memory size, to obtain the current running status of the NMS server, so as to discover and resolve the abnormities in time, thus ensuring the efficient running of the system.


The CPU occupation ratio of the server is lower than 80%, and the occupied memory should be smaller than 80% of the total memory.


Start the system monitoring client and click "System resource information" tab. In this page, check the server resource information, including server name, CPU occupation ratio, physical memory, occupied memory, remaining memory and occupation rate. By this operation, you can obtain the CPU occupation ratio and the occupied memory size, thus facilitating you to master the running status of the server at any time.

10.2.5 Checking Running Status of Equipment

I. Purpose

To obtain and control the running status of the equipment.


The equipment should be in normal running status, and the equipment node should be in green.



10-5


Select [Edit/Refresh] in the NMS client menu to refresh all the equipment status, and then check whether the equipment topology node is in green at this time. If it is in yellow, it indicates that the equipment is abnormal; if in red, it indicates that the equipment is faulty seriously; if in grey, it indicates that the equipment communication interrupts or the agent is faulty.

10.2.6 Checking Running Status of Boards

I. Purpose

To obtain the running status of the boards in the equipment.


The boards should be in normal running status, and the status indicators are green.


Select [Edit/Refresh] in the NMS client menu, and open the view of various NE device panels to check whether the boards are in green (indicating normal status), whether some boards are in red (indicating faulty status), whether the quantity and positions of the boards on the panel are consistent with the actual situation; or view the detailed information of a board to check it is normal.

10.2.7 Saving Configuration Data of Equipment

I. Purpose

To prevent data inconsistency for the reason that the modified configuration data are not synchronized to the equipment. If the configuration data of the equipment are not saved to the Flash in time, when emergency occurs (power-off for example), the lost service data cannot be restored, so it is necessary to back up the configuration data to the Flash regularly.


The configuration data should be saved to the Flash in time.


The system supports both immediate save and automatic save functions.

Immediate save



10-6

Open the equipment panel view;

Select the main control board, right click on it and select [Save Data/Save Data Immediately] in the shortcut menu. A prompt dialog box pops up for you to confirm the immediate save operation;

Click <OK>.

Automatic save

Open the equipment panel view;

Select the main control board, right click on it and select [Save Data/Auto Save Configuration] in the shortcut menu. Then the "Auto Save Configuration" dialog box pops up;

In the dialog box, turn on the "Auto Save Switch", then you can set the period for automatic save.

Set the period by selecting in the "Cycle" pull-down list boxes.

Click <OK> to exit the dialog box for data save and return to the equipment panel view.

Note:

The operation procedures may be different for different NEs. Please refer to the user manuals for the corresponding NE subsystems.

10.2.8 Monitoring and Processing Alarms

I. Purpose

By obtaining the equipment alarm information, to carry out necessary maintenance on equipment and system, so as to reduce faults and accidents.


None.


In daily maintenance, you need monitor the reported alarms in real time. The schematic diagram of the alarm board is displayed in realtime mode on the right of the



10-7

toolbar in the main client window, which facilitates you to monitor the current alarm information.

If the indicator in the schematic diagram flashes, it indicates that an alarm is reported. At this time, you can open the alarm board by double clicking the schematic diagram, and then query the current alarm. The specific operation procedure is as follows:

Select [Fault/Display Alarm Panel] to open the alarm panel.

Double click the indicator of an alarm to query the data of all the current alarms of this level.

After finding the current alarms, mainly check the information of critical alarms and major alarms. Based on these information and the possible causes provided by the system, locate the fault and handle it immediately. Refer to the contents related to locating and handling faults in Chapter 3 Fault Management for specific handling methods.

10.2.9 Monitoring User Operations

I. Purpose

By checking operation log or user operations, to get acquainted with the operations of the user for logon to the NMS, so as to detect the exception in time, prevent illegal users' malicious attempts, and backtrack the error operations done by the NMS maintenance personnel.


There is no exception or malicious operation recorded in the operation log.


Select [System/Browse User Log] in the NMS client menu. In the "Browse User Log" window that pops up, check the operations of the logon users.

Select [System/Monitor user operation]. In the "Monitor user operation" window that pops up, set the monitoring conditions and check the operations of the users logging on to the NMS currently.

By this operation, you can discover the problems in time and prevent malicious attempts of illegal users in advance.



10-8

10.2.10 Backing up NMS Database

I. Purpose

Back up the configuration data in the NMS database each day to minimize data loss in case of accident, and to recover the NMS as early as possible.


None.


In daily maintenance, both manual backup and automatic backup are employed. To simplify daily maintenance, you can adopt automatic backup as the active mode, and manual backup as the standby mode.

In order not to affect the normal maintenance during backup, it is recommended to carry out automatic backup between 00:00 and 06:00, and perform manual backup when the NMS server is in low load.

Refer to Chapter 7 Database Backup Tool for the detailed operations.

Note:

Start the system monitor and select the "Database" tab. This tab lists details about all manageable databases of the current NMS Server, including Name, Server Name, Size, Free Space, Used Rate, Data Size, Log Size and Last Backup Time.

10.2.11 Shift Maintenance

I. Purpose

To facilitate the maintenance personnel after the shift to be acquainted with the present running status of the NMS and other equipment, thus ensuring the smooth handover of the maintenance work.


The daily maintenance records are outputted.



10-9


Set a maintenance record table for recording the daily maintenance information. Hand it over to the next maintenance personnel on duty and emphasize the aspects to which he/she should pay attention.

It is recommended to carry out these operations everyday to maintain the NMS and check its basic functions.

10.3 Weekly Maintenance Suggestions

10.3.1 Checking Performance Data

I. Purpose

As the important data provided by the NMS, performance data are the basis for you to know the equipment status, analyze services and functions, and finally make decisions. Therefore, you need check the performance statistics periodically so as to obtain the running status of the whole equipment.


Performance statistics data are saved regularly in the hard disk in other format to facilitate query at any time.


Performance data include realtime performance data and history performance data. You can view and save some of the performance data as desired weekly. The operations are as follows:

First, create a performance statistics task, and then select [Performance/Performance Data Management] in the NMS client menu to open the performance data query window. Select the equipment to be queried in the window, set the performance index to be queried, and then start to query it. You can view the statistics data of the selected performance index of the equipment. When viewing it, you can also save the results in HTML or Excel file, or in other output modes such as histogram or curve diagram.

Refer to Chapter 4 Performance Management for specific operations.



10-10

10.3.2 Managing Hard Disk Space of Server

I. Purpose

If the large quantity of useless history data and those saved in other forms are not cleared in time, they will occupy a lot of database space and affect its performance, or even lead to unnecessary maintenance work. To prevent the database from being overloaded, you need clear the database at a certain time weekly and check the current occupation status of each hard disk partition on the server, so as to avoid effecting system performance due to little available space.


It is suggested that the occupation rate of each partition be lower than 80%.


In the monitoring client window, click the "Disk" tab to check the server hard disk information, including server name, operating system, system partitions, total space, occupied space, remaining space and occupation rate. If the occupation rate is higher than 80%, you should clean up the hard disk as soon as possible. The specific operations are as follows:

Delete useless data in the database, including acknowledged alarms and warning alarms, canceled alarms and unknown alarms.

Delete event logs.

10.3.3 Managing Database Space

I. Purpose

By checking automatic dump and automatic backup status in the system, to ensure enough space in the database for storing data and logs, so as to guarantee the normal running of the NMS.

By monitoring the occupation rate of the database, to expand the database size if necessary, as so to avoid errors and data loss due to limited space.


The available space of the database needed is determined based on the actual running of the system. It is recommended that the available space be no more than 80% of the total space of the database.



10-11


The system provides improved automatic data maintenance function. However, in daily maintenance, it is only necessary to check logs to obtain the implementation status of automatic dump & backup tasks and the current occupation rate of the databases. In special cases, for example, when changing the storage equipment, you can also dump the data at once manually. The system supports full dump, timing dump and manual dump of log database. Refer to the specific operations in Log Management.

The system also supports the above-mentioned dump modes for alarm and event database. Refer to the specific operations in Chapter 3 Fault Management. After the alarm data are dumped, be sure to clear the database immediately.

Note:

Start the system monitor and select the "Database" tab. This tab lists details about all manageable databases of the current NMS Server, including Name, Server Name, Size, Free Space, Used Rate, Data Size, Log Size and Last Backup Time.

10.3.4 Backing up NMS Database

I. Purpose

By backing up the database, to guarantee timely restoration of the database in case of accident.

By backing up the NMS databases weekly, to minimize data loss due to disk error or other errors damaging the file system in the workstation.


A full backup of the database should be carried out every Friday. To save the hard disk space, you can delete the daily backup files of the last week after this backup.


Back up the database manually or carry out the automatic backup supported by the system. Check the operation logs to obtain the implementation status of timing backup tasks. Refer to Chapter 7 Database Backup Tool for details.



10-12

The NMS workstation adopts the Solaris operating system, which supports to download the files by FTP. However, you need create a user with read authority to the directory for storing data files before downloading them. Refer to Solaris Operation Manual or other related documentary for creating the user. Or you may adopt superuser download, before which you need to add "#" at the beginning of the "root" line in the Solaris operating system file /etc/ftpusers by use of the vi tool. Refer to Solaris Operation Manual or other related documentary for the use of vi.

If the NMS workstation works on Windows, the file can be shared and backed up to other computer through file sharing.

10.3.5 Managing User Authority

I. Purpose

By checking the users of the NMS and the NMS workstation weekly, to clear the illegal users and adjust the authority of ordinary users appropriately, thus ensuring the security of the NMS and the NMS workstation.


You need check the users of the NMS and the NMS workstation weekly, clear the illegal users and adjust the authority of ordinary users appropriately.


In the NMS client, select [System/Security Manager] to accomplish the following operations:

Delete abandoned NMS users; Set the ACL authority for NMS users, that is, NMS users can log on from which

client; Set operation authority for NMS users, that is, NMS users can carry out which

operations; Set management authority for NMS users, that is, NMS users can manage which

equipment; Switch to the superuser in Solaris system maintenance terminal and input

#admintool. In the interface that appears, you may accomplish the follows: Delete abandoned NMS workstation users; Add new NMS workstation users and user groups; Add/delete authority for NMS workstation users, and modify the logon password

for NMS workstation users.



10-13

For Windows, select [Programs/Management Tools/Computer Management], to pop up the “Computer Management” dialog box. You can management the Windows users.

10.3.6 Outputting Weekly Report

I. Purpose

By summarizing the maintenance work of a week, to monitor the running status of the NMS globally, and collect fault symptoms and handling measures for future reference.


You need output the weekly report and record the faults and handling measures.


Customize a weekly report template, in which you need record the weekly maintenance work, summarize the shift maintenance report, analyze the NMS running status of the week and point out the key problems. You also need collect the NMS related problems, processing of alarms, emergency handling measures in paper or in electronic file, which are useful for writing the formal experience document at the end of the month.

It is recommended to carry out these operations every week, so as to ensure the normal and efficient running of the NMS. Do not store the files for saving alarm data and performance data in the NMS workstation, for they will occupy too much space. It is suggested to download them to a dedicated data backup server.

10.4 Monthly Maintenance Suggestions

10.4.1 Checking NMS Running Performance

I. Purpose

By checking the indexes of the NMS relative resources, to ensure the performance requirements for the NMS running.


You need check the database information and system resource information of the NMS regularly.



10-14


Open the system monitoring client. In the "Disk" page, the information about the NMS server hard disk is displayed in a list, including server name, operating system, system partition, total space, occupied space, available space and occupation rate.

In the "System Resource" page, the system information of the NMS server is displayed in a list, including server name, CPU occupation ratio, physical memory, occupied memory and available memory.

Check the above-mentioned resources, discover and remove the faults as early as possible, so as to ensure the system to run efficiently.

10.4.2 Checking NMS Workstation Security

I. Purpose

By checking the security of operating system regularly, to ensure the NMS to run in a secure and reliable environment.


It is suggested to modify the superuser password and other relative passwords regularly.


Besides the modification of passwords periodically, you should also install the newest operating system patch:

Install the Windows operating system patch:

Visit www.microsoft.com, find and download the newest patch provided by Microsoft. Copy to the NMS workstation then install the patch. Right click “My Computer” and select [Properties] to pop up the “System Properties" dialog box. Click the "General" tab to query the patch version information.

Install the Solaris operating system patch:

First, visit sunsolve.sun.com to download the latest patch released by SUN Corporation, and transfer it by ftp to the NMS workstation in binary mode. To add the patch, use the command # patchadd patch to add the patch; to delete the patch, use the command patchrm patch; to check the patch, use the command Showrev -p|gerp patch.



10-15

Caution:

After adding the patch, you are required to restart the workstation. Whether to carry out it depends on the actual conditions. Generally, it should be performed when the NMS is in low load.

Prohibit the authority of user root to log on to FTP and Telnet;

To prohibit the authority to log on to FTP: use the vi tool to edit the /etc/ftpusers file, in which if there is no "root" line, add it; if there is, ensure that no "#" is added at the beginning of the line.

To prohibit the authority to log on to Telnet: use the vi tool to edit the /etc/default/login file, in which if there is no "CONSOLE=/dev/console" line, add it; if there is, ensure that no "#" is added at the beginning of the line.

Close all insecure service ports.

To close the FTP port of Telnet: use the vi tool to edit the /etc/inetd.conf file, and add "#" at the beginning of the following two lines:

ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd

telnet stream tcp6 nowait root /usr/sbin/in.telnetd in.telnetd

Search the process number of inetd by the ps -ef|grep inetd command, and stop and then restart the inetd process by the command Kill-HUP + process number, these two services can be prohibited. To prohibit the other services, use similar method.

10.4.3 Checking NMS Installation Disk

I. Purpose

To find the installation disks of operating system and database quickly in case of emergency.


Put the installation disks in a fixed and easy-to-find place.


The installation disks of operating system and database (such as Windows, Solaris, Sybase, SQL Server) are delivered with the corresponding equipment, and they should be put together a fixed and easy-to-find place after the NMS is established. Generally, three Solaris installation CDs are used, namely software (1/2), software (2/2), and software language. Generally, only one CD is used to install Sybase server.



10-16

10.4.4 Saving or Deleting History Data in NMS Database

I. Purpose

Generally, performance data occupy a large space in the NMS database, so they should be cleared periodically. In addition, performance data are very important and provide basis for you to know the equipment status, analyze services and functions, and finally make decisions, therefore, useful history data should be saved in other format.


Depending on your need, part of the history performance data can be saved monthly, and some performance data exported weekly can be deleted.


In the client interface, select [Performance/Performance data management]. In the performance data management window that pops up, select the equipment that has been set with a performance collection task, and select a performance query mode to query the required performance statistics data, and then click <Save> to save the data in HTML or Excel.

Refer to Chapter 4 Performance Management for specific operations.

10.4.5 Exporting or Clearing Data Files

I. Purpose

During daily maintenance and weekly maintenance, a large quantity of NMS database files and NE configuration files are backed up in the NMS workstation, and they will occupy too much disk space. Therefore, you need to save these files in other media to minimize data loss and occupy less space of the NMS workstation.


The database files and NMS configuration files that are backed up can be downloaded and saved in a dedicated data backup server regularly.


Export the backup files of NMS data and NE data, and delete the daily backup data and weekly backup data of the last month from the dedicated data backup server.



10-17

The NMS workstation adopts the Solaris operating system, which can download the files by FTP tools. However, you need create a user with read authority to the directory for storing data files before downloading them. Refer to Solaris Operation Manual or other related documentary for creating the user. Or you may adopt superuser download, before which you need to add "#" at the beginning of the "root" line in the Solaris operating system file /etc/ftpusers by use of the vi tool. Refer to Solaris Operation Manual or other related documentary for the use of vi. To delete a file on the NMS workstation, use the command rm file name. To delete a folder, use the command rm –r folder name.

For example, the command to delete the file temp in the root directory is #rm temp, and the command to delete the folder test in the root directory is #rm –r test.

10.4.6 Checking Hardware, Power Supply and Equipment Room Environment of Workstation

I. Purpose

By checking the running status of the workstation, auxiliary equipment and the UPS, to ensure the normal and reliable running of the whole NMS.


Temperature within the equipment room: 15-30 °C; humidity within the equipment room: 40%-65%; dustproof situation: good or bad.

UPS and standby power supply are configured in the server, and the sockets are fixed tightly.


Check the running environment as described in the daily maintenance guidance, including the temperature, humidity and dustproof situation in the NMS equipment room. Check the position of the workstation, and check the keyboard, mouse, display, network adapter, serial port, power cable, network cable and disk drive of the workstation.

Check whether the server is configured with UPS, whether the NMS is configured with standby power supply; check whether the power cable is in good condition ,whether the NMS standby power supply is plugged, whether the connection point is not rusted, whether the socket is fixed tightly, whether the switch functions well, whether the display of voltage and current is right.



10-18

10.4.7 Checking SUN Terminal and PC Terminal of NMS

I. Purpose

The status of SUN terminal and PC terminal of the NMS workstation is important for the running of the NMS, so you need to check the running status of them and their auxiliary equipment periodically, ensuring normal maintenance and application.


None.


Check them as described in the NMS workstation check guidance. For PC terminal, you also need to check the items about its auxiliary equipment and Windows. Run defrag to ensure enough available disk space.

10.4.8 Outputting Monthly Report

I. Purpose

To analyze and summarize the data collected within a month, as a basis for making decision; to collect the fault symptom and emergency handling measures and summarize them in a document, as a reference for future maintenance.


The monthly report and a summary document for fault handling measures should be outputted.


Customize a monthly report template, in which you need to summarize the monthly and weekly maintenance work, to globally analyze the NMS running status within the month, and to point out the key problems. Summarize and output the fault symptom and emergency handling measures in paper document or electronic document for reference and learning.

It is recommended to carry out these operations every month, as a summary of the maintenance work of a month.



10-19

10.5 Quarterly Maintenance Suggestions

10.5.1 Checking NMS by Remote Logon

I. Purpose

Besides the routine maintenance of the local NMS by the local office, it is recommended that the central office check the maintenance work of all the offices quarterly by remote logon. In addition, the users in warranty can also ask the maintenance engineer of Huawei for check by remote logon, so as to eliminate potential faults and facilitate interchange of experience and information.


None.


Check the running status of the NMS and the NMS workstation, daily/weekly/monthly maintenance work and some deliverables. Summarize the experience in a document and share it. Check the items as specified in the daily, weekly and monthly maintenance guidance. Generally, the central office checks the regional offices directly by using Telnet in intranet or by using X-winpro. If the intranet cannot be used, remote dialing mode can be adopted. For the SUN workstation, it is necessary to configure the parameters such as serial port number and so on.

10.5.2 Communicating Maintenance Experience

I. Purpose

To share the maintenance experience, discuss maintenance problems and solutions, and output them in a document.


Summarize the maintenance experience in a document.


Hold a conference to discuss and review the documents written by the maintenance personnel, summarize the maintenance work, write the conference summary, output the reviewed cases and tutorials to share them as internal resources or to submit them to the Huawei support website for technical intercommunications.



10-20

10.5.3 Outputting Quarterly Report

Customize a report template and fill in the quarterly running report.

10.6 Yearly Maintenance Suggestions

10.6.1 Summarizing Yearly Maintenance Experience

I. Purpose

By summarizing the yearly maintenance work, to prepare for the maintenance work of the next year.


Output various maintenance reports of the year and organize corresponding trainings.


Discuss the policy for the maintenance work of the next year, collect the maintenance related documents and records, summarize the maintenance work of the year, and evaluate the work of the maintenance personnel. You can send the excellent maintenance personnel to participate the trainings organized by Huawei, so as to improve their skills.

10.6.2 Outputting Yearly Report

Customize a yearly report template and fill in it.


Chapter 11 Remote Maintenance

11-1


When a fault occurs to the iManager N2000 and its devices, the remote maintenance function helps you to locate and solve the problems as quickly as possible. This lowers the maintenance cost. In addition, this function helps Huawei Technologies Co., Ltd. to check devices periodically to ensure the security of the devices.

11.1 Setting Up Remote Maintenance Channels

Currently, the major communication mode is the Public Switched Telephone Network (PSTN) dial-up service connection mode. The server platform of the NMS can either be SUN Solaris system or Microsoft Windows 2000 system. Both support the PSTN dial-up service connection mode. The dial-up client is usually PC/Windows 98/2000 platform. The dial server can be PC/Windows 98/2000 or SUN Solaris operating system.

First check which end, the remote end or the local end, provides the dial-up access function. Currently, the NMS operating on the workstation platform only serves as the dial-up access server, as shown in mode (1). If the NMS operates on Windows platform, the end with the dial-up access function serves as the dial-up access server, as shown in modes (2) and (3). The dial-up client dials in the dial-up access server to establish communication connections.

-----------------Remote End-----------------------------Local End------------ ----------

1) PC/Windows98/2000 ---PSTN---> WS as Dial-up Server---> Gateway NE 2) PC/Windows98/2000 ---PSTN---> PC/Windows98/2000 ---> Gateway NE 3) PC/Windows98/2000 <--PSTN---- PC/Windows98/2000 ---> Gateway NE

----------------------------------------------------------------------------------------------------

11.2 Hardware Requirements and Connection Methods

Based on the above mentioned communication modes, the hardware requirements are as follows: one Robotics, Sportster 33.6K, Hayes or Etek modem at each side. The modems are delivered together with an NMS computer or workstation. The correct connection methods are introduced below.



11-2

11.2.1 PC and PC workstation

For a PC or PC workstation, connect the serial port cable accompanying the modem to the PC or PC workstation, plug the telephone line into the Line socket of the modem, and then use the accompanying transformer to feed the modem.

11.2.2 SUN workstation

For a SUN workstation, do not use the serial port cable accompanying the modem. Use the delivery attached DB25 serial port cable instead. Serial port A or B and serial port of the modem are usually DB25 (female). Because the cable accompanying the modem is usually female--------male, it cannot be used here. A DB25(male)------DB25(male) is needed to connect the workstation and the modem. The connection method is as shown in Figure 11-1. Pins 1~8 and 20 must be connected to their counterparts one by one. For the currently delivered modem cables, pins 1~25 correspond to their counterparts one by one. Plug the telephone line into the Line port of the modem. Use the accompanying transformer to feed the modem.

Ground (GND)

Transmit Data (TD)

Receive Data (RD)

Request To Send (RTS)

Clear To Send (CTS)

Date Set Ready (DSR)

Signal Ground (SG)

Data Carrier Detect (DCD)

Data Terminal Ready (DTR)

1

2

3

4

5

6

7

8

20

1

2

3

4

5

6

7

8

20

Ground (GND)

Transmit Data (TD)

Receive Data (RD)

Request To Send (RTS)

Clear To Send (CTS)

Date Set Ready (DSR)

Signal Ground (SG)

Data Carrier Detect (DCD)

Data Terminal Ready (DTR)

1

2

3

4

5

6

7

8

20

1

2

3

4

5

6

7

8

20

1

2

3

4

5

6

7

8

20

1

2

3

4

5

6

7

8

20

Figure 11-1 Connections between the workstation and the modem



11-3

11.3 Software Configuration for Communication Connections

Note:

Before configuring the software for communication connections, please connect the Modem with the computer and install the Modem driver.

11.3.1 PC/Windows2000 as PSTN dial-up access server

I. Software requirement

No other software is needed because it is an inherent function of the system.

II. Configuration procedure

Follow the connection wizard to set up a dial-up connection

1) Select [Setting/Network and Dial-up/New Connection] from the [Start] menu to start a setup Wizard. Click <Next>.

2) Select “Accept IN Connection”, and then click <Next>. 3) Select “Standard Modem”, and then click <Next>. 4) Select “Not Allowed Virtual Private Connection”, and then click <Next>. 5) Click <Add> to add a new user, and set the user name and password. 6) Click <Next>. Then a dialog box appears for you to select network components. 7) Select all network components, and then click <Next>. 8) Click <Finish>.

11.3.2 PC/Windows2000 as PSTN dial-up client

I. Software requirement

No other software is needed because it is an inherent function of the system.


If Windows 2000 serves as the dial-up client, follow the operation guide to configure it.

The following part describes the configuration procedure of the dial-up client in Windows 2000. For Windows 98, the procedure is almost the same.



11-4

1) Select [Setting/Network and Dial-up/New Connection] from the [Start] menu to start a setup Wizard. Click <Next>.

2) Select “Dial to Private Network” and then click <Next>. 3) Type in the area code of the telephone you dial in the “Zone No. (A)” box and

telephone number of the dial-up server in the “Telephone No.” box. Select in the country/region code list. For a toll call, select the ”Use Dial-up Principle” check box; for a local call, clear the ” Use Dial-up Principle” check box. Click <Next>.

4) Select “All Users Use the Connection” or “Only My Connection”, and then click <Next>. “Only My Connection” is recommended.

5) Type “Remote Maintenance Client” in the “Type in the Connection Name” edit box, select the “Add Shortcut on My Desktop” check box, and then click <Finish>.

To place a call, double click the “Remote Maintenance Client” icon. Then a login interface appears. Enter your user name and password in the “User Name” and “Password" boxes respectively. Type the telephone number you want to dial in the “Dial” box, including the area code. Then click <Dial>.

11.3.3 SUN workstation as PSTN dial-up access server

I. Configuration requirement

1) When SUN workstation serves as the Point to Point Protocol (PPP) server, there are two kinds of virtual network interfaces: ipdptpn and ipdn (where n indicates the device number. Serial port A corresponds to 0 and serial port B to 1). For ipdptpn interface, one modem can only connect to one PPP client. For ipdn interface, one modem can connect to multiple PPP clients.

2) For the time being, only the configuration of static IP-based PPP client is supported. If a PC serves as the PPP client, set "PPP" as the server type when setting connection attributes, and select the specified IP address when setting TCP/IP attributes. Other settings remain unchanged.

3) The dial-up script should be compiled in consistency with the type of modem. It is hard to do so during the configuration of workstation dial-up service. Three types of modems are recommended: Robotics, Hayes, and Etek. Here we introduce the configuration of Hayes modem.

4) Unix to Unix Copy Protocol (UUCP) software and PPP software should be pre-installed on the workstation (they are already installed on the current workstations). If necessary, use this command to install the PPP software:

#: pkginfo | grep ppp


1) Check the connection of modem.

Connect the modem to the serial port, and then use this command to check whether the modem is properly connected (assume that the modem is connected to serial port A):



11-5

# tip /dev/cua/a

connected

If “connected” is displayed, it indicates that the modem is connected to serial port A. In this case, if the modem can be configured by using AT commands, it indicates that the modem is connected properly. Otherwise, check whether the serial port cable and the modem are normal. Type “~” to quit the command “tip”.

2) Configure the PPP.

Default settings of configuration script:

The IP addresses of the PPP server and PPP client are set to “192.168.55.1” and “192.168.55.2” respectively.

The PPP server adopts ipdptpn network interfaces. The login user name of the PPP client is “ppp_user”.

These parameters can be changed if necessary.

Set the server:

On the PC, load the file “ppp.tar” to the directory “/usr/local/rms/” as the user “root”. Note that this file is transmitted in binary system.

Log in to the workstation as a super user, and then decompress the file “ppp.tar”.

# cd /usr/local/rms

# tar xvf ppp.tar

Connect the modem to the workstation and telephone line, and then power on the modem. On the workstation, enter the PPP directory, and then configure the PPP server as below:

# cd PPP

# sh setup_ppp.sh (or use “./setup_ppp.sh”).

Specify the computer as the remote monitor server (options are client and server. By default it serves as the client): server

Input the serial port used (a or b. It is “a” by default): b Rate of serial communication (19200bps, 9600bps, or 38400bps. It is 19200bps

by default (We recommend that you press <Enter> to accept the default value 19200bps).

Input the type of the used modem (Hayes, Robotics, or Etek. It is Hayes by default): (case-sensitive).

The PPP user is “ppp_user” by default. Input the password of "ppp-user": New password: (input the password of the PPP user.) Re-enter new password: (Input the password of the PPP user again)



11-6

Note:

If you have forgotten the password of "ppp_user", log in as a super user and then change the password using the command “passwd ppp_user”. We recommend that you set the default password to “abcd”.

Input these two commands to control the Hayes modem (we recommend that you copy and paste them).

AT&FN0Q2X0&C1&D2S0=1&W&y<CR>: Set parameters of modem

~.<CR>: End the session with modem

Note:

Input the above two commands from the beginning of the line. <CR> stands for Carriage Return.

If a Robotics modem is used, we recommend that the AT command used to communicate with the modem be changed to:

AT&F1&B1&C1&D2X0S0=1&W

If an Etek modem is used, we recommend that the AT commands used to communicate with the modem be changed to:

ATX0&C1&D2S0=1&W

connected

AT&FN0Q2X0&C1&D2S0=1&W&y

OK

~.

[EOT]

#

Note:

Both serial ports a and b are okay. We recommend using 19200bps as the serial communication rate. The modem type is case sensitive. We recommend that you input the AT commands for communicating modem with “Copy” and “Paste”.

To end the session with the modem, type “~” at the beginning of the line.

3) Establish and end connections Check if the process “asppp” is started:

# ps -ef | grep asppp



11-7

Start “asppp”

# /etc/init.d/asppp start

Stop “asppp”

# /etc/init.d/asppp stop

After "asppp” is started on both the server and the client, ping the server to establish the dial-up connection.

# ping ppp_server [N]

Note:

The dial-up may take a tong time. If you ping the server for the first time, a time-out might occur. "N" is used to set the time-out period of the command “ping”. You can check whether the connection is made by viewing the log files (see "Troubleshooting" later in this manual) or the status indicator in the mode.

III. Change default settings

1) Change the default telephone number of the client

Modify the file “/etc/uucp/Systems” . The last row of the file is:

UNIX Any PPP 19200 0,163 ...

Where “0,163” indicates the telephone number of the PPP server. Modify it directly.

2) Change the IP address

The server and the client should be synchronized.

Modify the IP address of the server.

Log in as a superuser, and then edit the file “/etc/hosts”:

...

192.168.55.1 ppp_server

192.168.55.2 ppp_client

...

Change the corresponding IP addresses of ppp_server and ppp_client.

If the client is a workstation, change the IP address in the above way. If the client is a PC, enter the IP address of the ppp.chient in the file ”/etc/hosts” at the server.

The IP addresses of the PPP server and all PPP clients should be within the same subnet.

3) Rename the server and client

The name is only valid at the local end. The IP addresses of the server and client should be consistent.



11-8

Modify the server:

Step 1: Log in as a superuser, and then modify the file “/etc/hosts”:

...

192.168.55.1 ppp_server

192.168.55.2 ppp_client

...

Modify ppp_server and ppp_client

Step 2: Change the file “/etc/asppp.cf”:

...

ifconfig ipdptp0 plumb ppp_server ppp_client up

...

Modify ppp_server and ppp_client

Note:

If the virtual network interface is ipdn, the format of the file “ asppp.c” is different from the one listed above. Simply modify ppp_server and ppp_client.

Modify the client (workstation):

Step 1: The same as Step 1 in modifying the server.

Step 2: The same as Step 2 in modifying the server. The virtual network interface of the client can only be ipdptpn. Do not change the format of asppp.cf.

4) Change the type of the virtual network interface of the server to ipdn

Log in as a superuser, and then modify the file “/etc/asppp.cf”:

ifconfig ipdptp0 plumb ppp_server ppp_client up

path

...

interface ipdptp0

...

Change the above information to:

ifconfig ipd0 plumb ppp_server up

path

...

interface ipd0

peer_ip_address ppp_client

...

5) Connect the server with multiple clients



11-9

Change the interface type to ipdn. Log in as a superuser, and then add the IP addresses of the clients to the file

“/etc/hosts”. ...

192.168.55.1 ppp_server

192.168.55.2 ppp_client

192.168.55.3 ppp_client2

192.168.55.4 ppp_client3

...

Log in as a superuser, and then add the description of the paths to the file “/etc/asppp.cf”,

#Connection parameter setting of ppp_client(192.168.55.2)

path

...

peer_ip_address ppp_client

...

#Connection parameter setting of ppp_client1(192.168.55.3)

path

...

peer_ip_address ppp_client1

...

For all the paths, the peer_ip_address is different but other parameters are identical.

IV. Configure the PPP server as a router

1) Add ppp network number

Log in as a superuser, and then add the ppp network number to the file “/etc/networks ”,

...

pppnet 192.168.55 ppp #ppp network

2) Set subnet mask

Log in as a superuser, and then modify the file “/etc/netmasks”.

...

192.168.55.0 255.255.255.0

3) Add PPP host name

If the virtual network interface is ipdn, create the file “/etc/hostname.ipdn”. If it is ipdptpn , create the file “/etc/hostname.ipdptpn ”.

Enter the PPP host name, and then log in as a super user.

# vi /etc/hostname.ipdn

ppp_server

Save the file, and then restart the workstation.



11-10

4) Start the routing process

Check whether the routing process (in.routed, in.rdisc) of the access server has been started.

# ps -ef | grep in.routed

# ps -ef | grep in.rdisc

If not, run these commands:

# /usr/sbin/ndd -set /dev/ip ip_forwarding 1

# /usr/sbin/in.routed -s

# /usr/sbin/in.rdisc -r

5) Set default route at the client

Set a default route at the PPP client, with the gateway being ppp_server.

# route add default ppp_server

6) Set default route at the host

At the LAN host side, set a route to the PPP network, with the gateway being the Ethernet IP address of the PPP server.

# route add 192.168.55.0 xxx.xxx.xxx.xxx

11.4 Remote Maintenance Schemes

The remote maintenance mode varies with the operating system platform and the remote maintenance tool software. This section details the remote maintenance modes of the iManager N2000 (Client/Server).

11.4.1 SUN workstation serves as the dial-up server

This mode is used in situations where the server of the operator is a SUN workstation. It features high connection rate and high security. First set up the corresponding dial-up connection (see Section 10.1.3), and then follow these steps to perform the maintenance.

1) Both parties establish communication connections in between. The remote maintenance client should get information such as the telephone number of the opposite end, dial-up user name and password. Then dial in the iManager N2000 NMS Workstation of the operator.

2) The remote maintenance engineer runs the iManager N2000 Client, inputs “192.168.55.1: 9801” in the server input box, and then the user name and password provided by the operator, and clicks <Login>. After logging in successfully, the maintenance engineer can perform remote maintenance.



11-11

Note:

Both parties establish communication connections in between. The remote maintenance client should get information such as the telephone number of the opposite end, dial-up user name and password. Then dial in iManager N2000 NMS Workstation of the operator.

For the sake of security, set one TELNET connection for the SUN workstation and disable the FTP function.

11.4.2 PC/Windows2000 serves as the dial-up server

This mode is used in situations where the server of the operator is a PC. It features high connection rate and high security. First set up the corresponding dial-up connection (see Section 10.1.2), and then follow these steps to perform the maintenance.

1) Both parties establish communication connections in between. The remote maintenance client should get information such as the telephone number of the opposite end, dial-up user name and password. Then dial in the network management PC of the operator.

2) The remote maintenance engineer runs the iManager N2000 Client, inputs “192.168.55.1: 9801” in the server input box, and then the user name and password provided by the operator, and click <Login>. After logging in successfully, the maintenance engineer can perform remote maintenance.

Note:

If the dial-up connection at the server side is disconnected, restart the SS module of the NMS Server. For the sake of security, the number of the login users is limited.

11.5 Troubleshooting

I. Failed to connect to SUN workstation

1) Check whether the connections are correct, especially the connection of the SUN workstation. Check whether the modem is connected properly. The telephone line should be connected to the jacket marked “line”.

2) Make sure that connection of the modem is normal. If a message similar to tip: /dev/cua/b: No such device or address

all ports busy



11-12

appears during the setup, it means that the modem is improperly connected. In this case, check the condition of the lines and make sure that the modem is switched on. Use

tip termb (or terma, respectively indicates that the modem is connected to serial port b or a)

or

tip -19200 /dev/cua/b (a)

to connect the modem. If the message “connected” appears, it indicates that the modem is connected. In this case, you can input “AT”. If "OK” is returned, it indicates that the modem is normal. Input “~” to exit, and then set setup_ppp.sh again. If no “OK” is returned after you input “AT”, input “ATE1Q0”. If still no response is returned, replace the port or re-connect the modem.

For more information about debugging modem, please see the document “Modem_conf.pl”. You can open this file with an HTML browser.

Note:

To use terma or termb, the setup_ppp.sh must be set correspondingly. terma or termb is an entry to file “‘/etc/remote”.

3) Make sure that the password of ppp_user input at the client side is identical to the one set at the server side. run “vi” to view the file “/etc/uucp/Systems”. The password of ppp_user is located at the last row (login: ppp_user word:) of the file. It must be identical to the one set at the server side. To change the password of ppp_user without setting PPP again, log in as a superuser, and use “/usr/bin/passwd ppp_user” to change the password of ppp_user.

4) The file “/var/adm/log/asppp.log” (the same as etc/log/asppp.log) records the operations performed by the PPP user. You can view the dial-up connection progress in ”tail -f /var/adm/log/asppp.log”.

5) If no change occurs in “tail -f /var/adm/log/asppp.log” when the client dials, it means that the PPP user has not logged in or the login shell is not “/usr/sbin/aspppls”. Modify the file “/etc/passwd” directly, or change the login shell of the PPP user to “/usr/sbin/aspppls“ in “admintool”.

6) If the following message is displayed in “/var/adm/log/asppp.log”: 10:13:22 get_fifo_msg: can't find path with peer_system_name ppp_user

It means that the PPP user name set at he client side might be inconsistent with the one set in ”peer_system_name” in “/etc/asppp.cf” at the server side. Please make them consistent.



11-13

II. No display in the SUN workstation login window

The cause is possibly related to cables. Check whether the cables meet the hardware requirements.

III. Frequent problems with the PC workstation serving as the dial-up client

1) Illegible characters appear in the PC client login window. The likely reason is that the rate of the PC client is not set to 19200.

2) Make sure that the dial-up server is correctly installed and is bound with TCP/IP. Problems may occur if multiple dial-up servers are installed.

IV. How to check wether the PPP software has been installed

UUCP software and PPP software should be pre-installed on the workstation (currently, they are already installed on the workstation). Run this command to check whether the PPP software has been installed:

# pkginfo | grep ppp

The system prompts that the PPP software has been installed.

V. The modem at the server side does not answer.

Set the modem to auto answer mode. For Robotics, Hayes and Etek modems, run the scripts again and select a correct modem type (case-sensitive). For another modem type, set the corresponding AT commands by referring to the configuration manual.

User Manual HUAWEI iManager N2000 Fixed Network Integrated Management System Appendix A FAQ

A-1

Appendix A FAQs

A.1 Workstation

A.1.1 How to Start Sun Workstation from CD-ROM (Sun/Solaris)

1) Power on the workstation. When the startup screen appears, key in the <Stop+A> key combination. The prompt "OK" then appears.

2) Put the Solaris installation CD-ROM into the CD-ROM drive, key in the command "boot cdrom" and press <Enter>. The workstation then starts from the CD-ROM.

A.1.2 Sun Workstation Abnormally Shut Down (Sun/Solaris)

Always take the correct procedure to shut down your workstation. Incorrect operations, such as directly switching off, or power failure may damage the file system. If there is a power failure, it is necessary to restore the operating system and database to maintain the normal functioning of the entire system. While re-booting, the system will automatically check and restore the file system. Now, use the fsck command to manually check the file system. Log in as a root user and execute the following commands.

1) Execute the fsck -y command to check the file system

Input the following command in the terminal window:

# fsck -y

The system begins to correct the errors in the file system until the completion of the correction.

A.1.3 How to Set IP Address of Sun Workstation (Sun/Solaris)

Two methods are available:

Method 1: Enter the NIC IP address of the Sun workstation correctly in the "Configure Network" option while installing the operating system.

Method 2: Set the IP address by modifying the corresponding file.

1) Open the "/etc/hosts" file and change the IP address corresponding to the host name.


A-2

2) Open the "/etc/netmasks" file and change the network mask corresponding to the host. If the corresponding item is unavailable, add "host IP network mask", like "10.110.1.1 255.255.0.0".

3) Restart the workstation.

A.1.4 How to Change Host Name of Sun Workstation (Sun/Solaris)

Changing host name of the Sun workstation involves changing the following three files:

/etc/hostname.hme0 /etc/hosts /etc/nodename

Change the host name of the three files to the desired one Restart the workstation to validate your change.

A.1.5 Failed to Connect PC to Sun Workstation through Direct-connect Cable (Sun/Solaris)

Direct-connecting Sun workstation to some network devices may fail due to mismatch. In this case, do not use the direct-connect cables. Add a hub and use ordinary network cables to connect the related devices.

A.1.6 Keyboard No Response for Sun Workstation (Sun/Solaris)

This problem may occur when you click <Stop> on the left part of the keyboard. In this case, click it again.

A.1.7 How to Configure Maximum Terminals for Sun Workstation (Sun/Solaris)?

Add the following settings to the "/etc/system" file:

set npty=100

set pt_cnt=100

Restart the NMS workstation to validate your settings.

A.1.8 How to Use CD-ROM Drive (Sun/Solaris)

If a CD-ROM drive is embedded in the Sun workstation, the system will automatically install it to the "/cdrom" directory. If a CD-ROM is put in the CD-ROM drive, you can enter the "/cdrom" directory and then access to the CD-ROM.


A-3

If an external CD-ROM driver is installed, connect SCSI cables, power on the CD-ROM driver and then the workstation. Then the system can detect it automatically and install it to the "/cdrom" directory.

If a CD-ROM is put in the CD-ROM driver, use the corresponding command to open the CD-ROM drive. First make sure the CD-ROM is not in use, exit the directory where the CD-ROM is located, and then run the following command as a superuser:

# eject

Then the CD-ROM driver is opened. Extract the CD-ROM. If the prompt "Device busy" appears and the CD-ROM is not ejected, run the

following command as a superuser:

# /etc/rc2.d/S92volmgt stop

Then press the eject button on the front panel of the CD-ROM drive, extract the CD-ROM. The CD-ROM drive is not running now. To run the CD-ROM driver, run this command:

# /etc/rc2.d/S92volmgt start

To run or start the system from CD-ROM, put the boot CD-ROM into the CD-ROM drive. When the prompt "OK" appears on the workstation, enter:

OK boot cdrom

Then the system is started from the CD-ROM. Enter the following command at the "OK" prompt:

OK probe-scsi

This is to check if SCSI devices (usually CD-ROM) are well connected to the workstation.

A.1.9 How to Use Tape Drive (Sun/Solaris)

The command "tar" is usually used to operate tape drive. Assume the tape drive is well connected and the device No. is /dev/rmt/0. The general operations include:

Backing up a directory or a file to a tape (the original contents are corrupted, starting from the tape header):

tar cvf /dev/rmt/0 <directory name or filename>

Adding a directory or a file to an existing non-empty tape (the new contents are appended to the original contents):

tar rvf /dev/rmt/0 <directory name or filename>

Viewing the contents of a tape:

tar tvf /dev/rmt/0

Extracting a directory or a file from a tape:


A-4

tar xvf /dev/rmt/0 <directory name or filename>

A.1.10 Failed to Log in to the System as a Root User While Using FTP (Sun/Solaris)

For the sake of security, FTP service is unavailable to the root user by default after Solaris 8 is installed. To use FTP as a root user, follow this procedure:

Log in as a root user, edit the “/etc/ftpusers” file, comment out the root user line, save the setting, and then log out. Then you can log in as a root user by using FTP.

We recommend that you undo the comment operation after use of the FTP service.

A.1.11 Can’t Use Services Such as Telnet After the NMS is Installed

For the sake of security, when iManager N2000 is installed on Solaris OS, services such as telnet, FTP, finger, and so on, are disabled.

To use these services, follow this procedure:

#cd /etc/inet

#cp inetd.conf inet.conf.bak

#cp inetd.conf.021204.034801.bak inetd.conf

Where the file name "inetd.conf.021204.034801.bak” varies with the date on which the NMS is installed.

View the process used to enable the service and make the process to re-read the file.

#ps -ef | grep inet

root 144 1 0 12 04 ? 0:00 /usr/sbin/inetd -s

#kill -HUP 144

Now, you can use the corresponding services. After use, follow this procedure to disable the services:

#cp inet.conf.bak inetd.conf

#kill -HUP 144

A.1.12 File Size Changed When FTP is Used to Send Files

When FTP is used to send files with binary contents (for example, NMS Setup and database interface files), the files must be sent in binary format. Otherwise the transmission error will occur. When you enter the FTP program, the default


A-5

transmission mode is ASCII. In this case, before sending the files, use the command “bin” to change the transmission mode to binary format.

A.1.13 Execution Authority of Files is Lost When FTP is Used to Send Files

If the execution authority of Setup is lost when the Setup is copied to a hard disk through FTP program, change the authority of the file. Take the installation script of the NMS as an example, run this command:

# chmod +x setup.sh

If the system prompts that the authority of another file is lost, change it in the same way.

A.2 Database

A.2.1 How to Change the Password of "sa" (Sun/Solaris/Sybase)?

"sa" is the user name of the Sybase system administrator. After the Sybase database is installed, the password of "sa" is null by default. Please follow these steps to set or change the password to "abc123", for example.

$ isql -Usa –P

1> sp_password null, abc123

2> go

The password is set correctly.

(return status=0)

1>quit

The password of "sa" cannot be changed back to null after setting. Please remember the new password.

A.2.2 How to Set the sa Password (Windows/SQL Server 2000)

If you have not set the sa password during the installation of SQL Server 2000, you can set it through the following methods after installation.

Method 1:

Select [Program/Microsoft SQL Server/Enterprise Manager] from the [Start] menu to pop up "SQL Server Enterprise Manager" window. Unfold the directory tree on the left and locate the security node. Click "Login" and double click "sa" on the right of the window. Set password in the pop-up "SQL Server Login Properties" dialog box.


A-6

Method 2:

Modify the password through "isql" application. It is just the same as the operations for Sybase. Please refer to How to Change the Password of "sa" (Sun/Solaris/Sybase)?

A.2.3 Sun Workstation Abnormally Shut Down (Sun/Solaris/Sybase)

Use the fsck command to manually check the file system. Log in as a root user and execute the following commands.

1) Execute the fsck -y command to check the file system

Input the following command in the terminal window:

# fsck -y

The system begins to correct the errors in the file system until the completion of the correction.

2) If the Sybase database does not start, delete the "/opt/sybase/N2000DBServer.krg" file (Herein, the N2000DBServer is a Database Server name, which is set while installing Sybase). Then execute the /usr/sbin/shutdown -y -g0 -i6 command to restart the WS.

A.2.4 Unable to Start Sybase(Sun/Solaris/Sybase)

Check the shared memory in the "/etc/system" file for the following contents (usually at the end of this file):

set shmsys:shminfo_shmmax = 131072000

Herein, "131072000" is calculated with the following formula based on the memory of 128M.

Y=X*1024*1000 (where X is the physical memory, measured in MB).

If the set shared memory is lower than the value that is calculated based on the physical memory, the Sybase will fail to be started. Calculate the shared memory on the basis of the physical memory, set it again, and then restart the OS.

A.3 NMS

A.3.1 No Response from Left Mouse Button

The left mouse button may give no response after the following operations:

1) Move the cursor onto a topological object. Click the left and right mouse buttons concurrently, then the right-click menu appears.


A-7

2) Hold on these two buttons and move the cursor to another area. Release the buttons simultaneously.

3) Move the cursor out of the popup menu area, click and see whether the left button (selection operation) still functions.

I. Solution

Right click, and then left mouse button will become normal. Do not click the left mouse button and the right mouse button at the same time.

A.3.2 Some NMS Functions Abnormal Due to OS Time Changed

In case of any change to the operating system time of the NMS Server while the NMS is running, some NMS functions based on timer (operation log auto dumping, for example) might be abnormal.

I. Solution

Shut down the NMS and databases and restart the NMS Server.

Please set accurately the system time while installing the OS. Do not change system time of the NMS Server when the NMS is running. If you really need to do so, first exit the NMS, change the system time, and then restart.

A.3.3 Alarm Window Display Abnormal Due to Alarm Panel Closed

After adjusting the real-time alarm window to show both unacknowledged alarm pane and acknowledged alarm pane, open and then close the alarm panel. Then the acknowledged alarm pane maybe restores the original size.

I. Solution

Drag to resize the acknowledged alarm pane.

A.3.4 Installation Interface No Response (Windows)

Sometimes the installation interface may stop refreshing (becomes blank, for example) while installing the NMS under Windows.

I. Solution

While installing the NMS under Windows 2000 Server, the installation is started with a ".bat" file, and a DOS window pops up. Do not click in the DOS window. Otherwise the above problem may occur.


A-8

If it happens, please switch to the DOS window and press <Enter>. The installation will continue.

A.3.5 Shortcut No Response

There are shortcuts for some right-click menu items, but it may be no response when you click the shortcut key.

I. Solution

At present, the function is still not supported by Java Development Kit (JDK). It is suggested using mouse click to select in the right-click menu instead of clicking the shortcut key.

A.3.6 Help Window No Response

This problem may occur when doing following operations:

1) Select [Help/Topic] to access the online help. 2) Perform some operations on iManager N2000, and switch to the opened help

window during the operations. In this case, the help window may be no response. For example, open the "Create Current Alarm Querying Profile" dialog box, then switch to the help window, you will find that you cannot operate on the help window.

II. Solution

Finish the operation. For example, close all the opened dialog boxes. The help window will recover normal.

To browse help during the operations, please press <F1> to access the online help.

A.3.7 Topology Display Abnormal

The problem may occur when you open a dialog box then draw the roll bar in the topology window. Because there are many topological objects in the topology, the status refreshing may delay.

I. Solution

Switch to other window then return. The topological view will be displayed normally.

A.3.8 Nonstop Alarm Sound

Alarm sound will last till it is cleared. How to stop alarm sound?


A-9

I. Solution

Select [Fault/Audio&Visual/Stop Alarm Box Sound] to stop the current alarm sound. But when a new alarm occurs, the alarm sound will ring again.

To stop all the alarm sounds, you can select {Fault/Fault Setting/Local Property] to pop up "Local Property" dialog box. Click "Audio&Visual Setting" tab, uncheck the audio alarms of all the severities. This is not recommended in case that some faults maybe ignored.

A.3.9 How to View Text Completely

In some text boxes that cannot be edited, the long text may be not shown completely. How to view the text completely?

I. Solution

Click the mouse on the text, there is no cursor icon. But you can click and drag to view the covered text.

A.3.10 Abnormality Occurs When Selecting Multiple Records in Table

In the window of displaying information table, drag your mouse to select multiple records continuously. Some records in the middle may not be selected.

I. Solution

Drag slowly and do not select too many records at one time.

A.3.11 Failed to Restore Database

Use the database backup tool to restore the database from the backup but the operation failed.

I. Solution

Please shut down SQL Server Enterprise Manager before the restoration.

A.3.12 "Admin" Fails to Log in

In the “Login“ dialog box, enter "admin" and "Admin" to log in. For Windows version, both "admin" and "Admin" can log in. For Solaris version, the user "Admin" does not exist, so it cannot log in.


A-10

I. Solution

In Windows system , user names are case insensitive, so "admin" and "Admin" indicate the same user. In Solaris system, user names are case sensitive, so "admin" and "Admin" indicate two different users, and only "admin" can log in.

A.3.13 Device Name Overlap

In the topological view, if the device names are short, they will not overlap after auto layout. If they are very long, they might overlap after auto layout.

I. Solution

Drag the icon with the long device name to a free place until they device names do not overlap.

User Manual HUAWEI iManager N2000 Fixed Network Integrated Management System Appendix B Abbreviations

B-1

Appendix B Abbreviations

Abbreviations Full Name

ACL Access Control List

ADSL Asymmetric Digital Subscriber Line

AMG Access Media Gateway

ATM Asynchronous Transfer Mode

BAM Back Administration Module

BAS Broadband Access Server

BML Business Management Layer

BMS Broadband Management System

CDE Common Desktop Environment

CES Circuit Emulation Service

CLI Command Line Interface

CNM Client Network Management

CORBA Common Object Request Broker Architecture

DCN Data Communications Network

DDN Digital Data Network

DHCP Dynamic Host Configuration Protocol

DMS Data Management System

DNS Domain Name Server

EMF Element Management Framework

EML Element Management Layer

EMS Element Management System

ETG Edge Trunk Gateway

FR Frame Relay

FTP File Transfer Protocol

GK Gatekeeper

GUI Graphic User Interface

HGMP Huawei Group Management Protocol

HTTP Hyper Text Transport Protocol


B-2


JDK Java Development Kit

IAD Integrated Access Device

IADMS Integrated Access Device Management System

ID Identity

IDS Intrusion Detection System

iGWB iGateway Bill

IMA Inverse Multiplexing on ATM

IP Internet Protocol

IPOA IP Over ATM

ITA Intruder Alert

LAN Local Area Network

MA Multi-service Access

MAU Media Attachment Unit

MDC Message Distribution Center

MG Media Gateway

MGCP Media Gateway Control Protocol

MIB Management Information Base

MML Man Machine Language

MRS Media Resource Server

MTBF Mean Time Between Failures

MTTR Mean Time To Recovery

NAT Network Address Translation

NE Network Element

NFS Network File System

NGN Next Generation Network

NML Network Management Layer

NMS Network Management System

OAM Operations, Administration and Maintenance

OSS Operation Support System

POS Packet Over SDH

PPP Point to Point Protocol

PSTN Public Switched Telephone Network


B-3


PVC Permanent Virtual Connection

PVC Permanent Virtual Channel

PVP Permanent Virtual Path

RAS Remote Access Server

SG Signaling Gateway

SLA Service Level Agreement

SML Service Management Layer

SMTP Simple Mail Transfer Process

SNMP Simple Network Management Protocol

SQL Structured Query Language

SoftX Soft Switch

TFTP Trivial File Transfer Protocol

TMF Tele Management Forum

TMG Trunk Media Gateway

TMN Telecommunications Management Network

UDP User Datagram Protocol

UMG Universal Media Gateway

UMS U-SYS Management System

UPS Uninterrupted Power Supply

UUCP Unix to Unix Copy Protocol

VLAN Virtual Local Area Network

VPN Virtual Private Network

WAN Wide Area Network

XML Extensible Mark-up Language

n2000 system user manual

Documents